mirror of
https://github.com/zulip/zulip.git
synced 2025-11-06 15:03:34 +00:00
5a7b307d71
This fixes an XSS hole (#249). (imported from commit 5f70c0bc23e0d992f2d85889e2ba9157f1b73b3a)
35 lines
1.1 KiB
JavaScript
35 lines
1.1 KiB
JavaScript
// Miscellaneous early setup.
|
|
// This is the first of our Javascript files to be included.
|
|
|
|
var loading_spinner;
|
|
var templates = {};
|
|
$(function () {
|
|
// Display loading indicator. This disappears after the first
|
|
// get_updates completes.
|
|
if (have_initial_messages) {
|
|
loading_spinner = new Spinner().spin($('#loading_spinner')[0]);
|
|
} else {
|
|
$('#loading_indicator').hide();
|
|
}
|
|
|
|
// Compile Handlebars templates.
|
|
$.each(['message', 'subscription', 'narrowbar',
|
|
'userinfo_popover_title', 'userinfo_popover_content'],
|
|
function (index, name) {
|
|
templates[name] = Handlebars.compile($('#template_'+name).html());
|
|
}
|
|
);
|
|
|
|
// This requires that we used Django's {% csrf_token %} somewhere on the page.
|
|
var csrftoken = $('input[name="csrfmiddlewaretoken"]').attr('value');
|
|
|
|
$.ajaxSetup({
|
|
beforeSend: function (xhr, settings) {
|
|
if (!(/^http:.*/.test(settings.url) || /^https:.*/.test(settings.url))) {
|
|
// Only send the token to relative URLs i.e. locally.
|
|
xhr.setRequestHeader("X-CSRFToken", csrftoken);
|
|
}
|
|
}
|
|
});
|
|
});
|