From 9b54dd0942b12166c4e1d85b7746751363fba26c Mon Sep 17 00:00:00 2001 From: Rael Date: Thu, 15 Oct 2015 09:50:35 -0300 Subject: Escaping single quotes in leftpane JS (#258) --- scudcloud-1.0/leftpane-src.js | 18 ++++++++++-------- scudcloud-1.0/resources/leftpane.js | 2 +- 2 files changed, 11 insertions(+), 9 deletions(-) diff --git a/scudcloud-1.0/leftpane-src.js b/scudcloud-1.0/leftpane-src.js index ae44fb5..40856f0 100644 --- a/scudcloud-1.0/leftpane-src.js +++ b/scudcloud-1.0/leftpane-src.js @@ -1,19 +1,21 @@ var LeftPane = { addTeam: function(id, name, url, icon, active){ var node = document.getElementById(id); - if(node == null){ + if(node === null){ var ul = document.getElementById('teams'); li = document.createElement('li'); li.id = id; - li.setAttribute("onclick", "LeftPane.switchTo('"+id+"','"+url+"')") - li.setAttribute("title", name) + li.setAttribute("onclick", "LeftPane.switchTo('"+id.replace(/'/g, '"')+"','"+url.replace(/'/g, '"')+"')"); + li.setAttribute("title", name); li.innerHTML = name[0]; if( icon ){ li.style.backgroundImage = "url('"+ icon +"')"; - li.innerHTML = "" + li.innerHTML = ""; } ul.appendChild(li); - if(active) LeftPane.setActive(id); + if(active){ + LeftPane.setActive(id); + } LeftPane.switchTo(id, url); } }, @@ -33,7 +35,7 @@ var LeftPane = { document.getElementById(team).classList.remove('alert'); }, switchTo: function(id, url){ - leftPane.switchTo(url) + leftPane.switchTo(url); LeftPane.setActive(id); }, setActive: function(id){ @@ -57,10 +59,10 @@ var LeftPane = { if (index >= list.length) { index = 0; } else if (index < 0) { - index = list.length - 1 + index = list.length - 1; } LeftPane.click(index); } -} +}; diff --git a/scudcloud-1.0/resources/leftpane.js b/scudcloud-1.0/resources/leftpane.js index 1ae607e..1138579 100644 --- a/scudcloud-1.0/resources/leftpane.js +++ b/scudcloud-1.0/resources/leftpane.js @@ -1 +1 @@ -var LeftPane={addTeam:function(e,t,n,l,i){var c=document.getElementById(e);if(null==c){var a=document.getElementById("teams");li=document.createElement("li"),li.id=e,li.setAttribute("onclick","LeftPane.switchTo('"+e+"','"+n+"')"),li.setAttribute("title",t),li.innerHTML=t[0],l&&(li.style.backgroundImage="url('"+l+"')",li.innerHTML=""),a.appendChild(li),i&&LeftPane.setActive(e),LeftPane.switchTo(e,n)}},click:function(e){for(var t=document.getElementsByTagName("li"),n=0;n=t.length?n=0:0>n&&(n=t.length-1),LeftPane.click(n)}}; +var LeftPane={addTeam:function(e,t,n,l,i){var c=document.getElementById(e);if(null===c){var a=document.getElementById("teams");li=document.createElement("li"),li.id=e,li.setAttribute("onclick","LeftPane.switchTo('"+e.replace(/'/g,""")+"','"+n.replace(/'/g,""")+"')"),li.setAttribute("title",t),li.innerHTML=t[0],l&&(li.style.backgroundImage="url('"+l+"')",li.innerHTML=""),a.appendChild(li),i&&LeftPane.setActive(e),LeftPane.switchTo(e,n)}},click:function(e){for(var t=document.getElementsByTagName("li"),n=0;n=t.length?n=0:0>n&&(n=t.length-1),LeftPane.click(n)}}; -- cgit v1.1