Przeglądaj źródła

Remove `{{message}}` interpolation.

It's not used and confuses people. Instead the message gets inserted via
`$.text`, to avoid injection attacks.
JC Brand 8 lat temu
rodzic
commit
ec9ed96568

+ 0 - 1
src/converse-chatview.js

@@ -344,7 +344,6 @@
                                 'time': msg_time.format('hh:mm'),
                                 'isodate': msg_time.format(),
                                 'username': username,
-                                'message': '',
                                 'extra_classes': extra_classes
                             })
                         )).children('.chat-msg-content').first().text(text)

+ 1 - 1
src/templates/action.html

@@ -1,4 +1,4 @@
 <div class="chat-message {{extra_classes}}" data-isodate="{{isodate}}">
     <span class="chat-msg-author chat-msg-{{sender}}">{{time}} **{{username}} </span>
-    <span class="chat-msg-content">{{message}}</span>
+    <span class="chat-msg-content"><!-- message gets added here via renderMessage --></span>
 </div>

+ 1 - 1
src/templates/message.html

@@ -1,4 +1,4 @@
 <div class="chat-message {{extra_classes}}" data-isodate="{{isodate}}" data-msgid="{{msgid}}">
     <span class="chat-msg-author chat-msg-{{sender}}">{{time}} {{username}}:&nbsp;</span>
-    <span class="chat-msg-content">{{message}}</span>
+    <span class="chat-msg-content"><!-- message gets added here via renderMessage --></span>
 </div>