Fix: Sanitize directory name before displaying it to the user

Adrià Casajús 2022-05-13 16:55:45 +02:00
parent 514f5c8baa
commit 3a48b30f30
No known key found for this signature in database
GPG Key ID: F0033226A5AFC9B9
1 changed files with 7 additions and 5 deletions


@ -197,14 +197,16 @@
$(".delete-dir").on("click", function (e) { $(".delete-dir").on("click", function (e) {
let directory = $(this).parent().find(".dir-name").val(); let directory = $(this).parent().find(".dir-name").val();
let that = $(this); const unsanitizedMessage = `All aliases associated with <b>${directory}</b> directory will also be deleted. ` +
let message = `All aliases associated with <b>${directory}</b> directory will also be deleted. ` +
`As a deleted directory can't be used by someone else, deleting a directory doesn't reset your directory quota. ` + `As a deleted directory can't be used by someone else, deleting a directory doesn't reset your directory quota. ` +
`Your directory quota will be {{ current_user.directory_quota }} after the deletion, ` + `Your directory quota will be {{ current_user.directory_quota }} after the deletion, ` +
" please confirm."; " please confirm.";
const element = document.createElement('div');
element.innerText = unsanitizedMessage;
const sanitizedMessage = element.innerHTML;
bootbox.confirm({ bootbox.confirm({
message: message, message: sanitizedMessage,
buttons: { buttons: {
confirm: { confirm: {
label: 'Yes, delete it', label: 'Yes, delete it',
@ -215,9 +217,9 @@
className: 'btn-outline-primary' className: 'btn-outline-primary'
} }
}, },
callback: function (result) { callback: (result) => {
if (result) { if (result) {
that.closest("form").submit(); this.closest("form").submit();
} }
} }
}) })
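Review bot: The escaping in the `.delete-dir` click handler is applied to the whole message instead of only the untrusted `directory` value, so the template's own `<b>`/`</b>` tags are escaped too and will presumably appear as literal text in the bootbox dialog. Escaping just the interpolated value keeps both the markup and the protection: `element.textContent = directory;` and then build the message with `<b>${element.innerHTML}</b>`. `textContent` is the safer choice over `innerText` here, since `innerText` rewrites line breaks into `<br>` elements before `innerHTML` is read back. Separately, with the arrow callback `this` is the clicked DOM element, so `this.closest("form").submit()` is now the native `HTMLFormElement.submit()`, which does not fire `submit` handlers as the earlier jQuery call did; `$(this).closest("form").submit()` would keep the old behaviour if any handler relies on it. The click handler's closing lines fall outside the visible hunk.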