From b28ef7abc59fcda924ff16ffea2e819710285744 Mon Sep 17 00:00:00 2001
From: Jiiks
Date: Thu, 11 Aug 2016 17:53:25 +0300
Subject: [PATCH] Publicservers user data escape

---
 js/main.js | 15 +++++++++++++--
 js/main.min.js | 4 ++--
 2 files changed, 15 insertions(+), 4 deletions(-)

diff --git a/js/main.js b/js/main.js
index c4183bee..d8e2f0db 100644
--- a/js/main.js
+++ b/js/main.js
@@ -1004,15 +1004,17 @@ PublicServers.prototype.loadServers = function(dataset, search, clear) {
 html += 'Official!';
 }
- html += '' + source.name + '';
+ html += '' + self.escape(source.name) + '';
 var tags = [];
 source.categories.forEach(function(tag) { tags.push(tag.name); });
+ var desc =
+
 html += ''+tags.join(", ")+'';
- html += ''+(source.description == undefined ? "No Description" : source.description)+'';
+ html += ''+(source.description == undefined ? "No Description" : self.escape(source.description)) +'';
 html += '';
 html += '';
 html += '
';
@@ -1107,6 +1109,15 @@ PublicServers.prototype.joinServer = function (code) {
 $(".create-guild-container input").val(code);
 $(".form.join-server .btn-primary").click();
 };
+
+PublicServers.prototype.escape = function(unsafe) {
+ return unsafe
+ .replace(/&/g, "&")
+ .replace(//g, ">")
+ .replace(/"/g, """)
+ .replace(/'/g, "'");
+};
 /* BetterDiscordApp QuickEmoteMenu JavaScript
 * Version: 1.3
 * Author: Jiiks | http://jiiks.net
diff --git a/js/main.min.js b/js/main.min.js
index cc6c45cf..41d632de 100644
--- a/js/main.min.js
+++ b/js/main.min.js
@@ -38,8 +38,8 @@ inject();if(parent.children().hasClass("edited")){setTimeout(inject,250);}};Emot
 PublicServers.prototype.getPanel=function(){return this.container;};PublicServers.prototype.init=function(){this.filtered=["134680912691462144","86004744966914048"];this.bdServer=null;this.loadingServers=false;var self=this;var guilds=$(".guilds>:first-child");guilds.after($("
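Review bot: The added `var desc =` line is left dangling, so the following context statement is parsed as `var desc = html += ''+tags.join(", ")+'';`, which assigns the whole accumulated markup to a `desc` that appears unused (the same leftover shows up in the js/main.min.js hunk as `var desc=html+=`); the `var desc =` line and the blank line after it should be dropped. The escaping also stops at name and description: the category names joined by `tags.join(", ")` are concatenated into the same HTML string unescaped in this hunk, and the js/main.min.js hunk shows `source.region`, `source.online`/`source.members` and the `icode` used in `$("button[data-server-invite-code="+icode+"]")` still going in raw, all from the same server-supplied search result. Each of those should pass through `self.escape` (e.g. `tags.push(self.escape(tag.name));`), and the invite-code button is better bound by keeping a reference to the element you just created than by interpolating `icode` into an unquoted attribute selector, which both breaks on non-identifier characters and lets the value shape the selector. loadServers starts and ends outside this hunk.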
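Review bot: `escape` calls `.replace` straight on its argument, so a missing or non-string field throws inside the AJAX success handler and aborts rendering of the whole result list — the description call site guards `undefined` but the new `self.escape(source.name)` call does not; coerce first with `var s = unsafe == null ? "" : String(unsafe);` and chain the replaces on `s`. As rendered on this page the replacement targets look decoded (`.replace(/&/g, "&")`, and the `<`/`>` pair fused into `.replace(//g, ">")`), which is presumably an artifact of the patch display rather than the committed file — worth confirming that the file maps `&`, `<`, `>`, `"` and `'` to their HTML entities, with `&` replaced first so the other entities are not double-escaped. A one-line JSDoc would help callers pick it up: `/** HTML-escape a server-supplied string before it is concatenated into markup; never pass the result into an attribute selector. */`. Since every field ends up in jQuery anyway, building the nodes with `$("<span>").text(source.name)` would remove the need for manual escaping on the remaining fields.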
",{class:"guild",id:"bd-pub-li",css:{"height":"20px","display":settingsCookie["bda-gs-1"]==true?"":"none"}}).append($("
",{class:"guild-inner",css:{"height":"20px","border-radius":"4px"}}).append($("").append($("
",{css:{"line-height":"20px","font-size":"12px"},text:"public",id:"bd-pub-button"})))));$("#bd-pub-button").on("click",function(){self.show();});var panelBase='

Public Servers

  • All
  • FPS Games
  • MMO Games
  • MOBA Games
  • Strategy Games
  • Sports Games
  • Puzzle Games
  • Retro Games
  • Party Games
  • Tabletop Games
  • Sandbox Games
  • Community
  • Language
  • Programming
  • Other
  • Simulation Games
';this.container=panelBase;if($("#bd-pub-li").length<1){setTimeout(function(){self.init();},250);}};PublicServers.prototype.getPinnedServer=function(){var self=this;var dataset={"sort":[{"online":"desc"}],"size":1,"query":{"query_string":{"default_operator":"AND","query":"BetterDiscord"}}};$.ajax({type:"POST",dataType:"json",url:"https://search-discordservers-izrtub5nprzrl76ugyy6hdooe4.us-west-1.es.amazonaws.com/discord_servers/_search",crossDomain:true,data:JSON.stringify(dataset),success:function(data){try{var s=data.hits.hits[0]._source;if(s.identifier=="86004744966914048"){self.bdServer=s;self.showPinnedServer();}}catch(err){self.bdServer=null;}}});};PublicServers.prototype.hidePinnedServer=function(){$("#pubs-container .scroller-wrap").css({"margin-top":"0","height":"500px"});$(".server-pinned").hide();};PublicServers.prototype.showPinnedServer=function(){$(".server-pinned .server-icon").css("background-image","url("+this.bdServer.icon+")");$(".server-pinned .server-members span").text(this.bdServer.online+"/"+this.bdServer.members+" Members");$(".server-pinned .server-region span").text(this.bdServer.region);$(".server-pinned .server-info button").data("server-invite-code",this.bdServer.invite_code);$("#pubs-container .scroller-wrap").css({"margin-top":"75px","height":"425px"});$(".server-pinned").show();};PublicServers.prototype.show=function(){var self=this;this.hidePinnedServer();$("#pubs-cat-select").text("All");this.selectedCategory="all";$("#pubs-container .scroller-wrap").css({"margin-top":"0","height":"500px"});$(".server-pinned").hide();$(".app").append(this.getPanel());if(this.bdServer==null){this.getPinnedServer();}else{this.showPinnedServer();} 
self.search(0,true);$("#pubs-searchbtn").off("click").on("click",function(){self.search();});$("#pubs-sterm").off("keyup").on("keyup",function(e){if(e.keyCode==13){self.search(0,true);}});$("#pubs-cat-select").off("click").on("click",function(){$("#pubs-select-dropdown").addClass("open");});$(".pubs-cat-select-li").off("click").on("click",function(){$("#pubs-select-dropdown").removeClass("open");$("#pubs-cat-select").text($(this).text());if(self.selectedCategory!=$(this).data("val")){self.selectedCategory=$(this).data("val");self.search(0,true);}});$("#pubs-container").off("mouseup").on("mouseup",function(){$("#pubs-select-dropdown").removeClass("open");});var self=this;$(document).on("mouseup.bdps",function(e){if(!$("#bd-pub-button").is(e.target)&&!$("#pubs-container").is(e.target)&&$("#pubs-container").has(e.target).length===0){self.hide();}});$("#pubs-scroller").off("scroll.pubs").on("scroll.pubs",function(){if(self.loadingServers)return;var list=$("#pubs-list");if($(this).scrollTop()+550
';html+='
';html+='
';if(source.is_official){html+='Official!';} -html+=''+source.name+'';var tags=[];source.categories.forEach(function(tag){tags.push(tag.name);});html+=''+tags.join(", ")+'';html+=''+(source.description==undefined?"No Description":source.description)+'';html+='
';html+='
';html+='
';html+=''+source.online+'/'+source.members+' Members';html+='
';html+='
';html+=''+source.region+'';html+='
';html+='
';html+='';html+='
';html+='
';$("#pubs-list").append(html);$("button[data-server-invite-code="+icode+"]").on("click",function(){self.joinServer(icode);});});if(search){$("#pubs-header-title").text("Public Servers - Search Results: "+$("#pubs-list").children().length);}},done:function(){$("#pubs-spinner").hide();$("#pubs-spinner-bottom").hide();$("#pubs-searchbtn").prop("disabled",false);$("#pubs-sterm").prop("disabled",false);self.loadingServers=false;},always:function(){$("#pubs-spinner").hide();$("#pubs-spinner-bottom").hide();$("#pubs-searchbtn").prop("disabled",false);$("#pubs-sterm").prop("disabled",false);self.loadingServers=false;},error:function(){$("#pubs-spinner").hide();$("#pubs-spinner-bottom").hide();$("#pubs-searchbtn").prop("disabled",false);$("#pubs-sterm").prop("disabled",false);self.loadingServers=false;},complete:function(){$("#pubs-spinner").hide();$("#pubs-spinner-bottom").hide();$("#pubs-searchbtn").prop("disabled",false);$("#pubs-sterm").prop("disabled",false);self.loadingServers=false;}});};PublicServers.prototype.search=function(start,clear){var sterm=$("#pubs-sterm").val();var dataset={"sort":[{"online":"desc"}],"from":start,"size":20,"query":{"filtered":{"query":{"query_string":{"default_operator":"AND","query":sterm?sterm:"*"}},"filter":{"bool":{"must_not":[{"terms":{"identifier":this.filtered}}]}}}}};if(this.selectedCategory!="all"){dataset.query.filtered.filter.bool.must=[{"term":{"categories.id":this.selectedCategory}}]} -this.loadServers(dataset,true,clear);};PublicServers.prototype.joinServer=function(code){$(".guilds-add").click();$(".action.join .btn").click();$(".create-guild-container input").val(code);$(".form.join-server .btn-primary").click();};function QuickEmoteMenu(){} +html+=''+self.escape(source.name)+'';var tags=[];source.categories.forEach(function(tag){tags.push(tag.name);});var desc=html+=''+tags.join(", ")+'';html+=''+(source.description==undefined?"No Description":self.escape(source.description))+'';html+='
';html+='
';html+='
';html+=''+source.online+'/'+source.members+' Members';html+='
';html+='
';html+=''+source.region+'';html+='
';html+='
';html+='';html+='
';html+='';$("#pubs-list").append(html);$("button[data-server-invite-code="+icode+"]").on("click",function(){self.joinServer(icode);});});if(search){$("#pubs-header-title").text("Public Servers - Search Results: "+$("#pubs-list").children().length);}},done:function(){$("#pubs-spinner").hide();$("#pubs-spinner-bottom").hide();$("#pubs-searchbtn").prop("disabled",false);$("#pubs-sterm").prop("disabled",false);self.loadingServers=false;},always:function(){$("#pubs-spinner").hide();$("#pubs-spinner-bottom").hide();$("#pubs-searchbtn").prop("disabled",false);$("#pubs-sterm").prop("disabled",false);self.loadingServers=false;},error:function(){$("#pubs-spinner").hide();$("#pubs-spinner-bottom").hide();$("#pubs-searchbtn").prop("disabled",false);$("#pubs-sterm").prop("disabled",false);self.loadingServers=false;},complete:function(){$("#pubs-spinner").hide();$("#pubs-spinner-bottom").hide();$("#pubs-searchbtn").prop("disabled",false);$("#pubs-sterm").prop("disabled",false);self.loadingServers=false;}});};PublicServers.prototype.search=function(start,clear){var sterm=$("#pubs-sterm").val();var dataset={"sort":[{"online":"desc"}],"from":start,"size":20,"query":{"filtered":{"query":{"query_string":{"default_operator":"AND","query":sterm?sterm:"*"}},"filter":{"bool":{"must_not":[{"terms":{"identifier":this.filtered}}]}}}}};if(this.selectedCategory!="all"){dataset.query.filtered.filter.bool.must=[{"term":{"categories.id":this.selectedCategory}}]} +this.loadServers(dataset,true,clear);};PublicServers.prototype.joinServer=function(code){$(".guilds-add").click();$(".action.join .btn").click();$(".create-guild-container input").val(code);$(".form.join-server .btn-primary").click();};PublicServers.prototype.escape=function(unsafe){return unsafe.replace(/&/g,"&").replace(//g,">").replace(/"/g,""").replace(/'/g,"'");};function QuickEmoteMenu(){} 
QuickEmoteMenu.prototype.init=function(){$(document).on("mousedown",function(e){if(e.target.id!="rmenu")$("#rmenu").remove();});this.favoriteEmotes={};var fe=localStorage["bdfavemotes"];if(fe!=undefined){this.favoriteEmotes=JSON.parse(atob(fe));} var qmeHeader="";qmeHeader+="
";qmeHeader+="