baoshuo/S2OJ
baoshuo/S2OJ
1
1
Fork 0
mirror of https://github.com/renbaoshuo/S2OJ.git synced 2024-11-09 23:08:42 +00:00
Code Issues Actions Packages Releases Activity

refactor(web/contest/self_reviews): drop DOMPurify

Browse Source
This commit is contained in:
Baoshuo Ren 2022-10-08 19:46:52 +08:00
parent df7d7639b1
commit b6e83e1535
Signed by: baoshuo
GPG Key ID: 00CB9680AB29F51A
4 changed files with 4 additions and 14 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
web/app/libs/uoj-contest-lib.php
View File

@ -112,6 +112,7 @@ function calcStandings($contest, $contest_data, &$score, &$standings, $update_co
}
if ($show_reviews) {
$purifier = HTML::pruifier();
foreach ($contest_data['people'] as $person) {
foreach ($contest_data['problems'] as $key => $problem) {
$review_result = DB::selectFirst("select content from contests_reviews where contest_id = {$contest['id']} and problem_id = {$problem} and poster = '{$person[0]}'");
@ -121,7 +122,7 @@ function calcStandings($contest, $contest_data, &$score, &$standings, $update_co
}
if ($review_result['content']) {
$score[$person[0]][$key][] = $review_result['content'];
$score[$person[0]][$key][] = $purifier->purify($review_result['content']);
}
}
}
@ -146,7 +147,7 @@ function calcStandings($contest, $contest_data, &$score, &$standings, $update_co
$review_result = DB::selectFirst("select content from contests_reviews where contest_id = {$contest['id']} and problem_id = -1 and poster = '{$person[0]}'");
if ($review_result['content']) {
$cur[] = $review_result['content'];
$cur[] = $purifier->purify($review_result['content']);
}
}

3
web/app/views/page-header.php
View File

@ -96,9 +96,6 @@
<!-- Color converter -->
<?= HTML::js_src('/js/color-converter.min.js') ?>
<!-- DOM Santizer -->
<?= HTML::js_src('/js/purify.min.js') ?>
<!-- uoj -->
<?= HTML::js_src('/js/uoj.js?v=' . UOJConfig::$data['profile']['s2oj-version']) ?>

2
web/js/purify.min.js vendored
View File

File diff suppressed because one or more lines are too long

8
web/js/uoj.js
View File

@ -1135,13 +1135,7 @@ function showStandings() {
col_tr += '</div>';
if (show_self_reviews) {
col_tr += '<div id="review-' + row[2][0] + '-' + i + '"></div>'
+ '<script>'
+ '(function() {'
+ 'var purify_result = DOMPurify.sanitize(decodeURIComponent("' + encodeURIComponent(String(col[3] || '')) + '"), {ALLOWED_TAGS: ["a", "b", "i", "u", "em", "strong", "sub", "sup", "small", "del", "br"], ALLOWED_ATTR: ["href"]});'
+ '$("#review-' + row[2][0] + '-' + i + '")'
+ '.html(purify_result ? \'<div class="mt-2 pt-2 border-top">\' + purify_result + \'</div>\' : \'\'); })();'
+ '</scr' + 'ipt>';
col_tr += col[3] ? '<div class="mt-2 pt-2 border-top">' + col[3] + '</div>' : '';
} else {
if (standings_version < 2) {
col_tr += '<div>' + getPenaltyTimeStr(col[1]) + '</div>';