mirror of
https://github.com/renbaoshuo/S2OJ.git
synced 2024-11-22 20:48:41 +00:00
refactor(web/contest/self_reviews): drop DOMPurify
This commit is contained in:
parent
df7d7639b1
commit
b6e83e1535
@ -112,6 +112,7 @@ function calcStandings($contest, $contest_data, &$score, &$standings, $update_co
|
|||||||
}
|
}
|
||||||
|
|
||||||
if ($show_reviews) {
|
if ($show_reviews) {
|
||||||
|
$purifier = HTML::pruifier();
|
||||||
foreach ($contest_data['people'] as $person) {
|
foreach ($contest_data['people'] as $person) {
|
||||||
foreach ($contest_data['problems'] as $key => $problem) {
|
foreach ($contest_data['problems'] as $key => $problem) {
|
||||||
$review_result = DB::selectFirst("select content from contests_reviews where contest_id = {$contest['id']} and problem_id = {$problem} and poster = '{$person[0]}'");
|
$review_result = DB::selectFirst("select content from contests_reviews where contest_id = {$contest['id']} and problem_id = {$problem} and poster = '{$person[0]}'");
|
||||||
@ -121,7 +122,7 @@ function calcStandings($contest, $contest_data, &$score, &$standings, $update_co
|
|||||||
}
|
}
|
||||||
|
|
||||||
if ($review_result['content']) {
|
if ($review_result['content']) {
|
||||||
$score[$person[0]][$key][] = $review_result['content'];
|
$score[$person[0]][$key][] = $purifier->purify($review_result['content']);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@ -146,7 +147,7 @@ function calcStandings($contest, $contest_data, &$score, &$standings, $update_co
|
|||||||
$review_result = DB::selectFirst("select content from contests_reviews where contest_id = {$contest['id']} and problem_id = -1 and poster = '{$person[0]}'");
|
$review_result = DB::selectFirst("select content from contests_reviews where contest_id = {$contest['id']} and problem_id = -1 and poster = '{$person[0]}'");
|
||||||
|
|
||||||
if ($review_result['content']) {
|
if ($review_result['content']) {
|
||||||
$cur[] = $review_result['content'];
|
$cur[] = $purifier->purify($review_result['content']);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -96,9 +96,6 @@
|
|||||||
<!-- Color converter -->
|
<!-- Color converter -->
|
||||||
<?= HTML::js_src('/js/color-converter.min.js') ?>
|
<?= HTML::js_src('/js/color-converter.min.js') ?>
|
||||||
|
|
||||||
<!-- DOM Santizer -->
|
|
||||||
<?= HTML::js_src('/js/purify.min.js') ?>
|
|
||||||
|
|
||||||
<!-- uoj -->
|
<!-- uoj -->
|
||||||
<?= HTML::js_src('/js/uoj.js?v=' . UOJConfig::$data['profile']['s2oj-version']) ?>
|
<?= HTML::js_src('/js/uoj.js?v=' . UOJConfig::$data['profile']['s2oj-version']) ?>
|
||||||
|
|
||||||
|
2
web/js/purify.min.js
vendored
2
web/js/purify.min.js
vendored
File diff suppressed because one or more lines are too long
@ -1135,13 +1135,7 @@ function showStandings() {
|
|||||||
|
|
||||||
col_tr += '</div>';
|
col_tr += '</div>';
|
||||||
if (show_self_reviews) {
|
if (show_self_reviews) {
|
||||||
col_tr += '<div id="review-' + row[2][0] + '-' + i + '"></div>'
|
col_tr += col[3] ? '<div class="mt-2 pt-2 border-top">' + col[3] + '</div>' : '';
|
||||||
+ '<script>'
|
|
||||||
+ '(function() {'
|
|
||||||
+ 'var purify_result = DOMPurify.sanitize(decodeURIComponent("' + encodeURIComponent(String(col[3] || '')) + '"), {ALLOWED_TAGS: ["a", "b", "i", "u", "em", "strong", "sub", "sup", "small", "del", "br"], ALLOWED_ATTR: ["href"]});'
|
|
||||||
+ '$("#review-' + row[2][0] + '-' + i + '")'
|
|
||||||
+ '.html(purify_result ? \'<div class="mt-2 pt-2 border-top">\' + purify_result + \'</div>\' : \'\'); })();'
|
|
||||||
+ '</scr' + 'ipt>';
|
|
||||||
} else {
|
} else {
|
||||||
if (standings_version < 2) {
|
if (standings_version < 2) {
|
||||||
col_tr += '<div>' + getPenaltyTimeStr(col[1]) + '</div>';
|
col_tr += '<div>' + getPenaltyTimeStr(col[1]) + '</div>';
|
||||||
|
Loading…
Reference in New Issue
Block a user