r51191 MediaWiki - Code Review archive

Repository:	MediaWiki
Revision:	< r51190‎ \| r51191 \| r51192 >
Date:	10:52, 30 May 2009
Author:	thomasv
Status:	ok
Tags:
Comment:	per Tim's comment, escaping text bound for innerHTML
Modified paths:	/trunk/extensions/ProofreadPage/proofread.js (modified) (history)

Diff [purge]

Index: trunk/extensions/ProofreadPage/proofread.js
—	—	@@ -14,30 +14,36 @@
15	15	if(self.proofreadPageViewURL) {
16	16	b[0].innerHTML = b[0].innerHTML
17	17	+ '<li id="ca-image">'
18		~~- + '<a href="'+proofreadPageViewURL+'">'~~
19		~~- + proofreadPageMessageImage+'</a></li>';~~
	18	+ + '<a href="' + escapeQuotesHTML(proofreadPageViewURL) + '">'
	19	+ + escapeQuotesHTML(proofreadPageMessageImage) + '</a></li>';
20	20	}
21	21
22	22	if(self.proofreadPageIndexURL){
23	23	b[0].innerHTML = b[0].innerHTML
24	24	+ '<li id="ca-index">'
25		~~- + '<a href="'+proofreadPageIndexURL+'" title="'+proofreadPageMessageIndex+'">'~~
26		~~- + '<img src="'+wgScriptPath+'/extensions/ProofreadPage/uparrow.png" alt="'+proofreadPageMessageIndex+'" width="15" height="15" /></a></li>';~~
	25	+ + '<a href="' + escapeQuotesHTML(proofreadPageIndexURL)
	26	+ + '" title="' + escapeQuotesHTML(proofreadPageMessageIndex) + '">'
	27	+ + '<img src="' + wgScriptPath + '/extensions/ProofreadPage/uparrow.png" alt="'
	28	+ + escapeQuotesHTML(proofreadPageMessageIndex) + '" width="15" height="15" /></a></li>';
27	29	}
28	30
29	31	if(self.proofreadPageNextURL){
30	32	b[0].innerHTML =
31	33	'<li id="ca-next">'
32		~~- + '<a href="'+self.proofreadPageNextURL+'" title="'+proofreadPageMessageNextPage+'">'~~
33		~~- + '<img src="'+wgScriptPath+'/extensions/ProofreadPage/rightarrow.png" alt="'+proofreadPageMessageNextPage+'" width="15" height="15" /></a></li>'~~
	34	+ + '<a href="' + escapeQuotesHTML(self.proofreadPageNextURL)
	35	+ + '" title="' + escapeQuotesHTML(proofreadPageMessageNextPage) + '">'
	36	+ + '<img src="' + wgScriptPath + '/extensions/ProofreadPage/rightarrow.png" alt="'
	37	+ + escapeQuotesHTML(proofreadPageMessageNextPage) + '" width="15" height="15" /></a></li>'
34	38	+ b[0].innerHTML ;
35	39	}
36	40
37	41	if(self.proofreadPagePrevURL){
38	42	b[0].innerHTML =
39	43	'<li id="ca-prev">'
40		~~- + '<a href="'+self.proofreadPagePrevURL+'" title="'+proofreadPageMessagePrevPage+'">'~~
41		~~- + '<img src="'+wgScriptPath+'/extensions/ProofreadPage/leftarrow.png" alt="'+proofreadPageMessagePrevPage+'" width="15" height="15" /></a></li>'~~
	44	+ + '<a href="' + escapeQuotesHTML(self.proofreadPagePrevURL)
	45	+ + '" title="' + escapeQuotesHTML(proofreadPageMessagePrevPage) + '">'
	46	+ + '<img src="' + wgScriptPath + '/extensions/ProofreadPage/leftarrow.png" alt="'
	47	+ + escapeQuotesHTML(proofreadPageMessagePrevPage) + '" width="15" height="15" /></a></li>'
42	48	+ b[0].innerHTML ;
43	49	}
44	50	}
—	—	@@ -143,12 +149,12 @@
144	150	pageFooter = pageFooter.split("&").join("&")
145	151
146	152	container.innerHTML = ''
147		~~- +'<div id="prp_header" style="display:none">'+proofreadPageMessageHeader+'<br/>'~~
148		~~- +'<textarea name="headerTextbox" rows="2" cols="80">'+pageHeader+'</textarea>'~~
149		~~- +'<br/>'+proofreadPageMessagePageBody+'<br/></div>'~~
150		~~- +'<textarea name="wpTextbox1" id="wpTextbox1" rows="40" cols="80">'+pageBody+'</textarea>'~~
151		~~- +'<div id="prp_footer" style="display:none">'+proofreadPageMessageFooter+'<br/>'~~
152		~~- +'<textarea name="footerTextbox" rows="2" cols="80">'+pageFooter+'</textarea></div>';~~
	153	+ + '<div id="prp_header" style="display:none">' + escapeQuotesHTML(proofreadPageMessageHeader) + '<br/>'
	154	+ + '<textarea name="headerTextbox" rows="2" cols="80">' + pageHeader + '</textarea>'
	155	+ + '<br/>' + escapeQuotesHTML(proofreadPageMessagePageBody) + '<br/></div>'
	156	+ + '<textarea name="wpTextbox1" id="wpTextbox1" rows="40" cols="80">'+pageBody+'</textarea>'
	157	+ + '<div id="prp_footer" style="display:none">' + escapeQuotesHTML(proofreadPageMessageFooter) + '<br/>'
	158	+ + '<textarea name="footerTextbox" rows="2" cols="80">'+pageFooter+'</textarea></div>';
153	159
154	160
155	161	var saveButton = document.getElementById("wpSave");
—	—	@@ -601,7 +607,11 @@
602	608	img_w = 0; //prevent the container from being resized when the image is downloaded.
603	609	self.container_css = "background:#000000; overflow:auto; width:100%; height:"+self.DisplayHeight+"px;";
604	610	}
605		~~- image_container.innerHTML = "<img id=\"ProofReadImage\" src=\""+proofreadPageViewURL+"\" width=\""+img_w+"\" />";~~
	611	+ image_container.innerHTML =
	612	+ "<img id=\"ProofReadImage\" src=\""
	613	+ + escapeQuotesHTML(proofreadPageViewURL)
	614	+ + "\" width=\""+img_w+"\" />";
	615	+
606	616	image_container.style.cssText = self.container_css;
607	617	document.getElementById("wpTextbox1").style.cssText = "height:"+(self.DisplayHeight-7)+"px";
608	618	pr_zoom(0);
—	—	@@ -847,7 +857,7 @@
848	858	+'<span class="quality1"> <input type="radio" name="quality" onclick="pr_add_quality(this.form,1)"> </span>'
849	859	+'<span class="quality3"> <input type="radio" name="quality" onclick="pr_add_quality(this.form,3)"> </span>'
850	860	+'<span class="quality4"> <input type="radio" name="quality" onclick="pr_add_quality(this.form,4)"> </span>';
851		~~- f.innerHTML = f.innerHTML + ' '+proofreadPageMessageStatus;~~
	861	+ f.innerHTML = f.innerHTML + ' ' + escapeQuotesHTML(proofreadPageMessageStatus);
852	862	ig.parentNode.insertBefore(f,ig.nextSibling.nextSibling.nextSibling);
853	863
854	864	var show4 = false;

Status & tagging log

02:22, 6 June 2009 Tim Starling (talk | contribs) changed the status of r51191 [removed: new added: ok]