baoshuo/S2OJ
baoshuo/S2OJ
1
1
Fork 0
mirror of https://github.com/renbaoshuo/S2OJ.git synced 2024-11-22 08:18:41 +00:00
Code Issues Actions Packages Releases Activity

fix: DOMPurify on user self review page

Browse Source
This commit is contained in:
Baoshuo Ren 2022-09-20 10:17:28 +08:00
parent db75573e1f
commit ad9bbf9222
Signed by: baoshuo
GPG Key ID: 00CB9680AB29F51A
1 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
web/app/controllers/user_self_reviews.php
View File

@ -67,7 +67,7 @@
$result .= '<td><div id="' . $problem_review_id . '"></div></td>'; $result .= '<td><div id="' . $problem_review_id . '"></div></td>';
$esc_problem_self_review = rawurlencode($problem_self_review != null ? $problem_self_review['content'] : ''); $esc_problem_self_review = rawurlencode($problem_self_review != null ? $problem_self_review['content'] : '');
$result .= '<script type="text/javascript">' $result .= '<script type="text/javascript">'
. "$(function() { $('#$problem_review_id').html(DOMPurify.sanitize('{$esc_problem_self_review}', $dom_sanitize_config)); });" . "$(function() { $('#$problem_review_id').html(DOMPurify.sanitize(decodeURIComponent(\"{$esc_problem_self_review}\"), $dom_sanitize_config)); });"
. '</script>'; . '</script>';
if ($i == 0) { if ($i == 0) {
@ -76,7 +76,7 @@
$esc_contest_self_review = rawurlencode($contest_self_review != null ? $contest_self_review['content'] : ''); $esc_contest_self_review = rawurlencode($contest_self_review != null ? $contest_self_review['content'] : '');
$result .= '<td rowspan="' . $n_contest_problems . '"><div id="' . $contest_review_id . '"></div></td>'; $result .= '<td rowspan="' . $n_contest_problems . '"><div id="' . $contest_review_id . '"></div></td>';
$result .= '<script type="text/javascript">' $result .= '<script type="text/javascript">'
. "$(function() { $('#$contest_review_id').html(DOMPurify.sanitize('{$esc_contest_self_review}', $dom_sanitize_config)); });" . "$(function() { $('#$contest_review_id').html(DOMPurify.sanitize(decodeURIComponent(\"{$esc_contest_self_review}\"), $dom_sanitize_config)); });"
. '</script>'; . '</script>';
} }