web: Add missing CSS.escape calls.

When referring to <div id="my-id" class="my-class">:

- my-id is an id
- #my-id is a selector
- my-class is a class name
- .my-class is a selector

When an id or a class name is interpolated into a selector, it needs
to be escaped with CSS.escape.

Signed-off-by: Anders Kaseorg <anders@zulip.com>
Anders Kaseorg
2023-03-31 16:42:40 -07:00
committed by Tim Abbott
parent 341f6173aa
commit 6199be39da
10 changed files with 60 additions and 47 deletions


@@ -138,7 +138,7 @@ export function warn_if_mentioning_unsubscribed_user(mentioned) {
if (needs_subscribe_warning(user_id, sub.stream_id)) {
const $existing_invites_area = $(
`#compose_banners .${compose_banner.CLASSNAMES.recipient_not_subscribed}`,
`#compose_banners .${CSS.escape(compose_banner.CLASSNAMES.recipient_not_subscribed)}`,
);
const existing_invites = [...$existing_invites_area].map((user_row) =>
@@ -172,7 +172,7 @@ export function warn_if_mentioning_unsubscribed_user(mentioned) {
// current narrow.
export function clear_topic_resolved_warning() {
compose_state.set_recipient_viewed_topic_resolved_banner(false);
$(`#compose_banners .${compose_banner.CLASSNAMES.topic_resolved}`).remove();
$(`#compose_banners .${CSS.escape(compose_banner.CLASSNAMES.topic_resolved)}`).remove();
}
export function warn_if_topic_resolved(topic_changed) {
@@ -245,7 +245,7 @@ function show_wildcard_warnings(stream_id) {
});
// only show one error for any number of @all or @everyone mentions
if ($(`#compose_banners .${classname}`).length === 0) {
if ($(`#compose_banners .${CSS.escape(classname)}`).length === 0) {
$compose_banner_area.append(wildcard_template);
}
@@ -254,7 +254,7 @@ function show_wildcard_warnings(stream_id) {
export function clear_wildcard_warnings() {
const classname = compose_banner.CLASSNAMES.wildcard_warning;
$(`#compose_banners .${classname}`).remove();
$(`#compose_banners .${CSS.escape(classname)}`).remove();
}
export function set_user_acknowledged_wildcard_flag(value) {
@@ -400,7 +400,10 @@ export function validation_error(error_type, stream_name) {
);
return false;
case "not-subscribed": {
if ($(`#compose_banners .${compose_banner.CLASSNAMES.user_not_subscribed}`).length) {
if (
$(`#compose_banners .${CSS.escape(compose_banner.CLASSNAMES.user_not_subscribed)}`)
.length
) {
return false;
}
const sub = stream_data.get_sub(stream_name);
@@ -586,13 +589,13 @@ export function check_overflow_text() {
$indicator.text(text.length + "/" + max_length);
$("#compose-send-button").prop("disabled", false);
$(`#compose_banners .${compose_banner.CLASSNAMES.message_too_long}`).remove();
$(`#compose_banners .${CSS.escape(compose_banner.CLASSNAMES.message_too_long)}`).remove();
} else {
$indicator.text("");
$("#compose-textarea").removeClass("over_limit");
$("#compose-send-button").prop("disabled", false);
$(`#compose_banners .${compose_banner.CLASSNAMES.message_too_long}`).remove();
$(`#compose_banners .${CSS.escape(compose_banner.CLASSNAMES.message_too_long)}`).remove();
}
return text.length;
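Review bot: The banner selector is now built by hand with `CSS.escape` at seven call sites across these hunks (warn_if_mentioning_unsubscribed_user, clear_topic_resolved_warning, show_wildcard_warnings, clear_wildcard_warnings, validation_error, and both branches of check_overflow_text), so correct escaping still depends on every future caller remembering it. A small module-level helper such as ``const banner_selector = (classname) => `#compose_banners .${CSS.escape(classname)}`;`` would keep the escape in one place, and the call in validation_error could then fit on one line again as `if ($(banner_selector(compose_banner.CLASSNAMES.user_not_subscribed)).length) {`. The CLASSNAMES values appear to be static identifiers for which the escape is presumably a no-op today, so this is about keeping the pattern uniform rather than a live defect. Most of these functions start or end outside the visible hunks, so the helper's best home (this module or compose_banner) cannot be judged from here.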