mirror of
https://github.com/simple-login/app.git
synced 2024-09-28 20:51:29 +02:00
Fix: Sanitize directory name before displaying it to the user
This commit is contained in:
parent
514f5c8baa
commit
3a48b30f30
@ -197,14 +197,16 @@
|
||||
$(".delete-dir").on("click", function (e) {
|
||||
let directory = $(this).parent().find(".dir-name").val();
|
||||
|
||||
let that = $(this);
|
||||
let message = `All aliases associated with <b>${directory}</b> directory will also be deleted. ` +
|
||||
const unsanitizedMessage = `All aliases associated with <b>${directory}</b> directory will also be deleted. ` +
|
||||
`As a deleted directory can't be used by someone else, deleting a directory doesn't reset your directory quota. ` +
|
||||
`Your directory quota will be {{ current_user.directory_quota }} after the deletion, ` +
|
||||
" please confirm.";
|
||||
const element = document.createElement('div');
|
||||
element.innerText = unsanitizedMessage;
|
||||
const sanitizedMessage = element.innerHTML;
|
||||
|
||||
bootbox.confirm({
|
||||
message: message,
|
||||
message: sanitizedMessage,
|
||||
buttons: {
|
||||
confirm: {
|
||||
label: 'Yes, delete it',
|
||||
@ -215,9 +217,9 @@
|
||||
className: 'btn-outline-primary'
|
||||
}
|
||||
},
|
||||
callback: function (result) {
|
||||
callback: (result) => {
|
||||
if (result) {
|
||||
that.closest("form").submit();
|
||||
this.closest("form").submit();
|
||||
}
|
||||
}
|
||||
})
|
||||
|
Loading…
Reference in New Issue
Block a user