fix XSS injection possible in comment

Jonas Leder 2021-11-09 12:08:05 +01:00
parent 83ab214710
commit d1b98acec1


@ -10,15 +10,28 @@ class commentsDisplay extends HTMLElement {
if (xhr.status === 200) {
let comments = JSON.parse(xhr.responseText);
comments.forEach((element) => {
this.innerHTML += `
<h3 class="commentTitle">${element["name"]}</h3>
<div class="comment">
<img src="${element["gravatarURL"]}">
<article class="commentArticle">
<p class="commentText">${element["comment"]}</p>
</article>
</div>
`;
const h3 = document.createElement("h3");
h3.classList.add("commentTitle");
h3.innerText = element["name"];
this.appendChild(h3);
const commentDiv = document.createElement("div");
commentDiv.classList.add("comment");
this.appendChild(commentDiv);
const image = document.createElement("img");
image.src = element["gravatarURL"];
commentDiv.appendChild(image);
const article = document.createElement("article");
article.classList.add("commentArticle");
commentDiv.appendChild(article);
const commentText = document.createElement("p");
commentText.classList.add("commentText");
commentText.innerText = element["comment"];
article.appendChild(commentText);
});
} else {
let p = document.createElement("p");
@ -33,4 +46,4 @@ class commentsDisplay extends HTMLElement {
}
}
customElements.define("jl-comments_display", commentsDisplay);
customElements.define("jl-comments_display", commentsDisplay);
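Review bot: In the first hunk, `image.src = element["gravatarURL"];` still assigns a URL from the JSON response unchecked. Building DOM nodes and using `innerText` closes the markup injection for `name` and `comment`, but if the server does not construct `gravatarURL` itself (not visible here), a stored value can still make every viewer's browser request an arbitrary address. I would parse the value and accept only HTTPS, e.g. `const avatar = new URL(element["gravatarURL"], document.baseURI);` then `if (avatar.protocol === "https:") image.src = avatar.href;`, wrapped in a `try` because `new URL` throws on malformed input, and ideally also compare `avatar.hostname` with the expected avatar host. As a smaller point, `textContent` is the more usual property than `innerText` for inserting untrusted text, since it involves no layout-dependent processing. The XHR handler around this `forEach` begins above the hunk, so whether a `JSON.parse` failure is handled cannot be judged from here.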