Browse Source

Fix XSS

pull/6/head
Menci 7 years ago
parent
commit
277afc5350
  1. 2
      views/index.ejs
  2. 2
      views/ranklist.ejs

2
views/index.ejs

@ -58,7 +58,7 @@
(function () { (function () {
var html = <%- JSON.stringify(user.information) %>; var html = <%- JSON.stringify(user.information) %>;
var elem = document.createElement('div'); var elem = document.createElement('div');
elem.style = 'overflow: hidden; width: 100%; '; elem.style = 'overflow: hidden; width: 100%; position: relative; ';
elem.style.maxHeight = lineHeight + 'px'; elem.style.maxHeight = lineHeight + 'px';
elem.innerHTML = html; elem.innerHTML = html;
var imgs = Array.prototype.slice.call(elem.getElementsByTagName('img')); var imgs = Array.prototype.slice.call(elem.getElementsByTagName('img'));

2
views/ranklist.ejs

@ -42,7 +42,7 @@
(function () { (function () {
var html = <%- JSON.stringify(user.information) %>; var html = <%- JSON.stringify(user.information) %>;
var elem = document.createElement('div'); var elem = document.createElement('div');
elem.style = 'overflow: hidden; width: 100%; '; elem.style = 'overflow: hidden; width: 100%; position: relative; ';
elem.style.maxHeight = lineHeight + 'px'; elem.style.maxHeight = lineHeight + 'px';
elem.innerHTML = html; elem.innerHTML = html;
var imgs = Array.prototype.slice.call(elem.getElementsByTagName('img')); var imgs = Array.prototype.slice.call(elem.getElementsByTagName('img'));

Loading…
Cancel
Save