XSS fix, books only shows title with out color atm...

2020-03-28 04:03:36 +01:00
parent 1d9e4fa598
commit 135e877fa8
6 changed files with 35 additions and 18 deletions
--- a/it1/js/converters/kommentar.js
+++ b/it1/js/converters/kommentar.js
@@ -8,9 +8,13 @@ class Comment {
    toString() {
        return this.name+': '+this.message
    }
-    toHtml(user) {
-        return '<p id="kommentar">'+this.name+': '+this.message
-            +(user?' &nbsp; <a class="btn btn-primary" href="javascript: remove(\''+this.cfid+'\')">Slett</a>':'')+'</p>'
+    toHtml(elm) {
+        let user = firebase.auth().currentUser
+        elm.append('<p class="kommentar"></p>')
+        $($('.kommentar')[$('.kommentar').length-1]).text(this.toString())
+        if (user) {
+            $($('.kommentar')[$('.kommentar').length-1]).append(' &nbsp; <a class="btn btn-primary" href="javascript: remove(\''+this.cfid+'\')">Slett</a>')
+        }
    }
 }