From ec9ed96568a9ed0279913ab3329cc759cd9b38be Mon Sep 17 00:00:00 2001
From: JC Brand
Date: Wed, 2 Nov 2016 11:09:15 +0000
Subject: [PATCH] Remove `{{message}}` interpolation. It's not used and confuses people. Instead the message gets inserted via `$.text`, to avoid injection attacks.
---
 src/converse-chatview.js | 1 -
 src/templates/action.html | 2 +-
 src/templates/message.html | 2 +-
 3 files changed, 2 insertions(+), 3 deletions(-)
diff --git a/src/converse-chatview.js b/src/converse-chatview.js
index 4c81d399e..71cb43a78 100644
--- a/src/converse-chatview.js
+++ b/src/converse-chatview.js
@@ -344,7 +344,6 @@
 'time': msg_time.format('hh:mm'),
 'isodate': msg_time.format(),
 'username': username,
- 'message': '',
 'extra_classes': extra_classes
 })
 )).children('.chat-msg-content').first().text(text)
diff --git a/src/templates/action.html b/src/templates/action.html
index 5cf728c7e..00bad5410 100644
--- a/src/templates/action.html
+++ b/src/templates/action.html
@@ -1,4 +1,4 @@
{{time}} **{{username}} - {{message}} +
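Review bot: `{{username}}` on the unchanged author line is still filled in by the template engine, so only the message body gets the `.text(text)` protection this commit relies on; the same holds for the author line in the `message.html` hunk and for `extra_classes` passed from `converse-chatview.js`. Whether `{{ }}` escapes HTML or inserts raw markup depends on the project's template settings, which are not visible here; if it is raw interpolation, a nickname supplied by a remote party remains an HTML injection sink. I would either confirm that the delimiter escapes its value or set the author text through the same `.text()` route as the message. A short template comment such as `<!-- username is rendered by the template and must be HTML-escaped; the message body is set via .text() -->` would record the assumption. The element markup of this hunk appears to have been stripped from the page, so the exact placement is inferred.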
diff --git a/src/templates/message.html b/src/templates/message.html
index 75ef62638..a8bf72512 100644
--- a/src/templates/message.html
+++ b/src/templates/message.html
@@ -1,4 +1,4 @@
{{time}} {{username}}:  - {{message}} +