Remove {{message}} interpolation.

It's not used and confuses people. Instead the message gets inserted via
`$.text`, to avoid injection attacks.
This commit is contained in:
JC Brand 2016-11-02 11:09:15 +00:00
parent 1b264461d7
commit ec9ed96568
3 changed files with 2 additions and 3 deletions

View File

@ -344,7 +344,6 @@
'time': msg_time.format('hh:mm'), 'time': msg_time.format('hh:mm'),
'isodate': msg_time.format(), 'isodate': msg_time.format(),
'username': username, 'username': username,
'message': '',
'extra_classes': extra_classes 'extra_classes': extra_classes
}) })
)).children('.chat-msg-content').first().text(text) )).children('.chat-msg-content').first().text(text)

View File

@ -1,4 +1,4 @@
<div class="chat-message {{extra_classes}}" data-isodate="{{isodate}}"> <div class="chat-message {{extra_classes}}" data-isodate="{{isodate}}">
<span class="chat-msg-author chat-msg-{{sender}}">{{time}} **{{username}} </span> <span class="chat-msg-author chat-msg-{{sender}}">{{time}} **{{username}} </span>
<span class="chat-msg-content">{{message}}</span> <span class="chat-msg-content"><!-- message gets added here via renderMessage --></span>
</div> </div>

View File

@ -1,4 +1,4 @@
<div class="chat-message {{extra_classes}}" data-isodate="{{isodate}}" data-msgid="{{msgid}}"> <div class="chat-message {{extra_classes}}" data-isodate="{{isodate}}" data-msgid="{{msgid}}">
<span class="chat-msg-author chat-msg-{{sender}}">{{time}} {{username}}:&nbsp;</span> <span class="chat-msg-author chat-msg-{{sender}}">{{time}} {{username}}:&nbsp;</span>
<span class="chat-msg-content">{{message}}</span> <span class="chat-msg-content"><!-- message gets added here via renderMessage --></span>
</div> </div>