From c4cc50ca39a32e9beeb29b6fb7b669adb6b9df98 Mon Sep 17 00:00:00 2001
From: meow
Date: Wed, 20 Apr 2022 13:40:30 +0300
Subject: [PATCH] replace innerHTML to safer textContent where possible
---
 assets/js/community.js | 2 +-
 assets/js/embed.js | 2 +-
 assets/js/notifications.js | 2 +-
 assets/js/player.js | 4 ++--
 assets/js/playlist_widget.js | 2 +-
 assets/js/subscribe_widget.js | 2 +-
 assets/js/watch.js | 14 +++++++-------
 assets/js/watched_widget.js | 2 +-
 8 files changed, 15 insertions(+), 15 deletions(-)
diff --git a/assets/js/community.js b/assets/js/community.js
index 0f1d5d9c7..58caa71e2 100644
--- a/assets/js/community.js
+++ b/assets/js/community.js
@@ -1,5 +1,5 @@
 'use strict';
-var community_data = JSON.parse(document.getElementById('community_data').innerHTML);
+var community_data = JSON.parse(document.getElementById('community_data').textContent);
 String.prototype.supplant = function (o) {
 return this.replace(/{([^{}]*)}/g, function (a, b) {
diff --git a/assets/js/embed.js b/assets/js/embed.js
index 69dcc0531..492f546bd 100644
--- a/assets/js/embed.js
+++ b/assets/js/embed.js
@@ -1,5 +1,5 @@
 'use strict';
-var video_data = JSON.parse(document.getElementById('video_data').innerHTML);
+var video_data = JSON.parse(document.getElementById('video_data').textContent);
 function get_playlist(plid, retries) {
 if (retries === undefined) retries = 5;
diff --git a/assets/js/notifications.js b/assets/js/notifications.js
index d7732fb94..5f431a69a 100644
--- a/assets/js/notifications.js
+++ b/assets/js/notifications.js
@@ -1,5 +1,5 @@
 'use strict';
-var notification_data = JSON.parse(document.getElementById('notification_data').innerHTML);
+var notification_data = JSON.parse(document.getElementById('notification_data').textContent);
 var notifications, delivered;
diff --git a/assets/js/player.js b/assets/js/player.js
index 315fb6185..7f0f8c7ad 100644
--- a/assets/js/player.js
+++ b/assets/js/player.js
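Review bot: The `JSON.parse(document.getElementById('community_data').textContent)` line would benefit from a comment stating what the page is expected to put in that element, because the read side alone does not decide whether the data is safe and the template that writes it is not part of this patch. If the element is a `<script>` data block, `innerHTML` and `textContent` return the same raw text, so the protection has to come from the server escaping `<` in the serialized JSON (for example as `\u003c`) so a string value cannot end the block early; if it is an ordinary element, `textContent` now yields entity-decoded text where `innerHTML` yielded the escaped serialization, which changes what reaches `JSON.parse`. A comment such as `// JSON written by the server template; it must be emitted with '<' escaped` would record that assumption. The same applies to the matching `*_data` lines in embed.js, notifications.js, player.js, playlist_widget.js, subscribe_widget.js, watch.js and watched_widget.js.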
@@ -1,6 +1,6 @@
 'use strict';
-var player_data = JSON.parse(document.getElementById('player_data').innerHTML);
-var video_data = JSON.parse(document.getElementById('video_data').innerHTML);
+var player_data = JSON.parse(document.getElementById('player_data').textContent);
+var video_data = JSON.parse(document.getElementById('video_data').textContent);
 var options = {
 preload: 'auto',
diff --git a/assets/js/playlist_widget.js b/assets/js/playlist_widget.js
index c7f4805f4..d2f7d74c0 100644
--- a/assets/js/playlist_widget.js
+++ b/assets/js/playlist_widget.js
@@ -1,5 +1,5 @@
 'use strict';
-var playlist_data = JSON.parse(document.getElementById('playlist_data').innerHTML);
+var playlist_data = JSON.parse(document.getElementById('playlist_data').textContent);
 function add_playlist_video(target) {
 var select = target.parentNode.children[0].children[1];
diff --git a/assets/js/subscribe_widget.js b/assets/js/subscribe_widget.js
index d44d65da6..6f4d90f6f 100644
--- a/assets/js/subscribe_widget.js
+++ b/assets/js/subscribe_widget.js
@@ -1,5 +1,5 @@
 'use strict';
-var subscribe_data = JSON.parse(document.getElementById('subscribe_data').innerHTML);
+var subscribe_data = JSON.parse(document.getElementById('subscribe_data').textContent);
 var subscribe_button = document.getElementById('subscribe');
 subscribe_button.parentNode['action'] = 'javascript:void(0)';
diff --git a/assets/js/watch.js b/assets/js/watch.js
index e435bc7e7..b7a80a18c 100644
--- a/assets/js/watch.js
+++ b/assets/js/watch.js
@@ -1,5 +1,5 @@
 'use strict';
-var video_data = JSON.parse(document.getElementById('video_data').innerHTML);
+var video_data = JSON.parse(document.getElementById('video_data').textContent);
 String.prototype.supplant = function (o) {
 return this.replace(/{([^{}]*)}/g, function (a, b) {
@@ -11,10 +11,10 @@ String.prototype.supplant = function (o) {
 function toggle_parent(target) {
 var body = target.parentNode.parentNode.children[1];
 if (body.style.display === null || body.style.display === '') {
- target.innerHTML = '[ + ]';
+ target.textContent = '[ + ]';
 body.style.display = 'none';
 } else {
- target.innerHTML = '[ - ]';
+ target.textContent = '[ - ]';
 body.style.display = '';
 }
 }
@@ -23,10 +23,10 @@ function toggle_comments(event) {
 var target = event.target;
 var body = target.parentNode.parentNode.parentNode.children[1];
 if (body.style.display === null || body.style.display === '') {
- target.innerHTML = '[ + ]';
+ target.textContent = '[ + ]';
 body.style.display = 'none';
 } else {
- target.innerHTML = '[ - ]';
+ target.textContent = '[ - ]';
 body.style.display = '';
 }
 }
@@ -50,7 +50,7 @@ function hide_youtube_replies(event) {
 var body = target.parentNode.parentNode.children[1];
 body.style.display = 'none';
- target.innerHTML = sub_text;
+ target.textContent = sub_text;
 target.onclick = show_youtube_replies;
 target.setAttribute('data-inner-text', inner_text);
 target.setAttribute('data-sub-text', sub_text);
@@ -65,7 +65,7 @@ function show_youtube_replies(event) {
 var body = target.parentNode.parentNode.children[1];
 body.style.display = '';
- target.innerHTML = sub_text;
+ target.textContent = sub_text;
 target.onclick = hide_youtube_replies;
 target.setAttribute('data-inner-text', inner_text);
 target.setAttribute('data-sub-text', sub_text);
diff --git a/assets/js/watched_widget.js b/assets/js/watched_widget.js
index bd037c2be..b597a3c83 100644
--- a/assets/js/watched_widget.js
+++ b/assets/js/watched_widget.js
@@ -1,5 +1,5 @@
 'use strict';
-var watched_data = JSON.parse(document.getElementById('watched_data').innerHTML);
+var watched_data = JSON.parse(document.getElementById('watched_data').textContent);
 function mark_watched(target) {
 var tile = target.parentNode.parentNode.parentNode.parentNode.parentNode;
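Review bot: The `target.textContent = sub_text;` line in hide_youtube_replies needs a short comment saying why it must stay a text assignment, because `sub_text` is not a literal and its origin lies outside the hunk (the `setAttribute('data-sub-text', sub_text)` call below suggests it round-trips through `data-*` attributes filled in by the page). Something like `// label comes from a data-* attribute: assign as text, never as HTML` would keep a later edit from reverting it to an HTML sink. It is also worth confirming that the label strings carry no character entities or markup, since those would now be displayed literally. The same applies to the matching line in show_youtube_replies in the next hunk; both function bodies begin and end outside their hunks.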