mirror of https://github.com/go-gitea/gitea.git synced 2024-11-27 21:38:56 +01:00
gitea/web_src/js/features/comp/LabelEdit.js
Gusted 661d3d28e9
Prevent possible XSS when using jQuery (#18289)
If a developer misuses or misunderstands the API so that `sel` receives
user-controlled data, jQuery `$(sel)` can create a new element instead of
selecting an existing one. Current callers pass hard-coded selectors from
the templates, but nothing prevents that from expanding to
user-controlled input later.
2022-01-16 13:14:32 +08:00

31 lines
1.0 KiB
JavaScript

import {initCompColorPicker} from './ColorPicker.js';
/**
 * Wire up the "new label" panel and the "edit label" modal.
 *
 * Does nothing when `selector` matches no element on the current page.
 *
 * @param {string} selector - selector used only to detect whether the label
 *   UI is present on the page.
 */
export function initCompLabelEdit(selector) {
  // Security: the presence check uses `$.find(selector)` rather than
  // `$(selector)`. `$()` would build new DOM elements from an HTML-looking
  // string, while `$.find` only evaluates its argument as a selector, so a
  // caller that passes attacker-influenced text cannot inject markup here.
  const matches = $.find(selector);
  if (matches.length === 0) return;

  // Create label: toggle the panel from its open and cancel buttons.
  const $createPanel = $('.new-label.segment');
  const openCreatePanel = () => {
    $createPanel.show();
  };
  const closeCreatePanel = () => {
    $createPanel.hide();
  };
  $('.new-label.button').on('click', openCreatePanel);
  $('.new-label.segment .cancel').on('click', closeCreatePanel);

  initCompColorPicker();

  // Edit label: copy the clicked button's data-* attributes into the modal.
  $('.edit-label-button').on('click', function () {
    const $trigger = $(this);
    const labelColor = $trigger.data('color');

    // The values below are written through .val() and .css(), which set
    // form values and a style property and do not parse them as HTML.
    $('.edit-label .color-picker').minicolors('value', labelColor);
    $('#label-modal-id').val($trigger.data('id'));
    $('.edit-label .new-label-input').val($trigger.data('title'));
    $('.edit-label .new-label-desc-input').val($trigger.data('description'));
    $('.edit-label .color-picker').val(labelColor);
    $('.edit-label .minicolors-swatch-color').css('background-color', labelColor);

    const modalOptions = {
      onApprove() {
        $('.edit-label.form').trigger('submit');
      },
    };
    $('.edit-label.modal').modal(modalOptions).modal('show');

    // Returning false from a jQuery handler prevents the default action and
    // stops propagation of the click.
    return false;
  });
}