From ff1d42defd83d215a27aa17161443f54e8b621f9 Mon Sep 17 00:00:00 2001
From: Davide Bongiovanni
Date: Thu, 8 Jun 2017 17:01:39 +0200
Subject: [PATCH] Fixing html injection in data fileds
---
 static/script.js | 160 +++++++++++++++++++++++++++--------------------
 1 file changed, 93 insertions(+), 67 deletions(-)
diff --git a/static/script.js b/static/script.js
index 7e721a0..bd80d9a 100644
--- a/static/script.js
+++ b/static/script.js
@@ -188,77 +188,103 @@ function show_part_info(partID) {
 });
 }
+function perform_query() {
+ var query = $('.search-bar').val();
+ var filter = 0;
+ if($('#type').is(':checked'))
+ filter += 1;
+ if($('#partno').is(':checked'))
+ filter += 2 + 4 + 8;
+ if($('#description').is(':checked'))
+ filter += 16;
+ if($('#notes').is(':checked'))
+ filter += 32;
+ $.getJSON('https://www.elab.kth.se/parts/query/' + filter + '/' + query, function(data) {
+ var newResults = $('
'); + for(var i = 0; i < data.length; i++) { // Create new view for results + var newRow = $('
'); + var newClicker = $(''); + + newClicker.append($('
').text(text_filter(data[i].block))); + newClicker.append($('
').text(text_filter(data[i].type))); + newClicker.append($('
').text(text_filter(data[i].partno))); + newClicker.append($('
').text(text_filter(data[i].description))); + var notes = $('
'); + if (data[i].notes != null && data[i].notes.length > 0) { + var icon = $(''); + var tooltipText = $('
'); + tooltip.append(icon, tooltipText); + notes.append(tooltip); + } + newClicker.append(notes); + newClicker.append($('
') + .html('')); + + newRow.append(newClicker); + newResults.append(newRow); + /*newResults += '
'; + if (data[i].datasheet != null) + newResults += ''; + newResults += '
';*/ + + + //newResults += '
'; + //newResults += '' + + /*newResults += '
'; + if (data[i].block != null) + newResults += data[i].block; + newResults += '
';*/ + + /*newResults += '
'; + if (data[i].type != null) + newResults += data[i].type; + newResults += '
';*/ + + /*newResults += '
'; + if (data[i].partno != null) + newResults += data[i].partno; + newResults += '
';*/ + + /*newResults += '
'; + if (data[i].description != null) + newResults += data[i].description; + newResults += '
';*/ + + /*newResults += '
'; + if (data[i].notes != null && data[i].notes.length > 0) + newResults += '
' + data[i].notes + '
'; + //newResults += data[i].notes; + newResults += '
';*/ + + //newResults += '
' + //newResults += '
'; + } + //newResults += ''; + if(data.length == 0) { + newResults = '
'; + newResults += '

No results.

'; + newResults += '
'; + } + $('.results').replaceWith(newResults); + }).fail(function() { + var newResults = '
'; + newResults += '

No results.

'; + newResults += '
'; + $('.results').replaceWith(newResults); + console.log( "Query failed" ); + }); +} + $(document).ready(function() { $.ajaxSetup({ cache: false }); $('.search-bar').on('keyup', function() { - var query = $('.search-bar').val(); - var filter = 0; - if($('#type').is(':checked')) - filter += 1; - if($('#partno').is(':checked')) - filter += 2 + 4 + 8; - if($('#description').is(':checked')) - filter += 16; - if($('#notes').is(':checked')) - filter += 32; - $.getJSON('https://www.elab.kth.se/parts/query/' + filter + '/' + query, function(data) { - var newResults = '
'; - for(var i = 0; i < data.length; i++) { // Create new view for results - newResults += ''; - } - newResults += '
'; - if(data.length == 0) { - newResults = '
'; - newResults += '

No results.

'; - newResults += '
'; - } - $('.results').replaceWith(newResults); - }).fail(function() { - var newResults = '
'; - newResults += '

No results.

'; - newResults += '
'; - $('.results').replaceWith(newResults); - console.log( "Query failed" ); - }); + perform_query(); }); - $('.toggle-btn').on('change', function() { - // Re-perform query + perform_query(); }); - - //$('.results-row').on('click', ); });