Escape fields before passing to JS

This commit is contained in:
Mark Veidemanis 2022-08-03 07:20:30 +01:00
parent 83b6285931
commit 5cc04863ac
Signed by: m
GPG Key ID: 5ACFCEED46C0904F
2 changed files with 12 additions and 7 deletions

View File

@ -5,7 +5,12 @@
<script>
function populateSearch(field, value) {
var queryElement = document.getElementById('query');
var toAppend = ` AND ${field}: ${value}`;
var present = true;
if (present == true) {
var toAppend = ` AND ${field}: "${value}"`;
} else {
var toAppend = ` AND NOT ${field}: "${value}"`;
}
if (!queryElement.value.includes(toAppend)) {
queryElement.value+=toAppend;
} else {

View File

@ -65,7 +65,7 @@
{% endif %}
<td>
<a class="has-text-link is-underlined"
onclick="populateSearch('src', '{{ item.src }}')">
onclick="populateSearch('src', '{{ item.src|escapejs }}')">
{% if item.src == 'irc' %}
<span class="icon" data-tooltip="IRC">
<i class="fa-solid fa-hashtag" aria-hidden="true"></i>
@ -79,7 +79,7 @@
</td>
<td>
<a class="has-text-link is-underlined"
onclick="populateSearch('type', '{{ item.type }}')">
onclick="populateSearch('type', '{{ item.type|escapejs }}')">
{% if item.type == 'msg' %}
<span class="icon" data-tooltip="Message">
<i class="fa-solid fa-message"></i>
@ -120,7 +120,7 @@
<td style="max-width: 10em" class="wrap">{{ item.msg }}</td>
<td>
<a class="has-text-link is-underlined"
onclick="populateSearch('host', '{{ item.host }}')">
onclick="populateSearch('host', '{{ item.host|escapejs }}')">
{{ item.host }}
</a>
</td>
@ -141,7 +141,7 @@
</span>
{% endif %}
</div>
<a class="nowrap-child has-text-link is-underlined" onclick="populateSearch('nick', '{{ item.nick }}')">
<a class="nowrap-child has-text-link is-underlined" onclick="populateSearch('nick', '{{ item.nick|escapejs }}')">
{{ item.nick }}
</a>
{% if item.num_chans is not None %}
@ -169,7 +169,7 @@
<td>
<div class="nowrap-parent">
<a class="nowrap-child has-text-link is-underlined"
onclick="populateSearch('channel', '{{ item.channel }}')">
onclick="populateSearch('channel', '{{ item.channel|escapejs }}')">
{{ item.channel }}
</a>
{% if item.num_users is not None %}
@ -183,7 +183,7 @@
</td>
<td>
<a class="has-text-link is-underlined"
onclick="populateSearch('net', '{{ item.net }}')">
onclick="populateSearch('net', '{{ item.net|escapejs }}')">
{{ item.net }}
</a>
</td>