From 1431f977a7d140340fbc705653e9cc9545a7f005 Mon Sep 17 00:00:00 2001 From: Art Cancro Date: Tue, 14 Dec 2021 17:48:31 -0500 Subject: [PATCH] Append messages to the DOM tree as div elements instead of as text. This preserves the document tree's integrity when a malformed message arrives. --- webcit-ng/static/js/view_forum.js | 120 ++++++++++++++++-------------- 1 file changed, 65 insertions(+), 55 deletions(-) diff --git a/webcit-ng/static/js/view_forum.js b/webcit-ng/static/js/view_forum.js index 3950000b3..f182dc535 100644 --- a/webcit-ng/static/js/view_forum.js +++ b/webcit-ng/static/js/view_forum.js @@ -118,7 +118,12 @@ function forum_render_messages(message_numbers, msgs_div_name, scroll_to) { let msg_promises = Array.apply(null, Array(num_msgs)); for (i=0; i response.json()); + .then(response => response.json()) + .catch((error) => { + response => null; + console.error('Error: ', error); + }) + ; } // Here is the async function that waits for all the messages to be loaded, and then renders them. @@ -131,8 +136,7 @@ function forum_render_messages(message_numbers, msgs_div_name, scroll_to) { // Note: "let" keeps "i" in scope even through the .then scope for (let i=0; i { - document.getElementById(msgs_div_name).innerHTML += - forum_render_one(message_numbers[i], one_message); + document.getElementById(msgs_div_name).append(forum_render_one(one_message)); }); //if (msgnum == scroll_to) { //document.getElementById(prefix+msgnum).scrollIntoView({behavior: "smooth", block: "start", inline: "nearest"}); @@ -144,63 +148,69 @@ function forum_render_messages(message_numbers, msgs_div_name, scroll_to) { } -// We have to put each XHR for forum_render_messages() into its own stack frame, otherwise it jumbles them together. I don't know why. -function forum_render_one(msgnum, msg) { +// Render a message. Returns a div object. +function forum_render_one(msg) { + let div = document.createElement("div"); mdiv = randomString(10); // div name for this message - - outmsg = - "
" // begin message div - + "
" // begin message wrapper - + "
" // begin avatar - + "" - + "
" // end avatar - + "
" // begin content - + "
" // begin header - + "" // begin header info on left side - + "" // FIXME link to user profile - + msg.from - + "" // end username - + "" - + msg.time - + "" // end msgdate - + "" // end header info on left side - + "" // begin buttons on right side - - + "" // Reply - + "" - + " " - + _("Reply") - + "" - - + "" // ReplyQuoted - + "" - + " " - + _("ReplyQuoted") - + "" - - + "" // Delete , show only with permission FIXME - + " " - + _("Delete") - + "" - - + ""; // end buttons on right side - if (msg.subj) { + div.id = mdiv; + + try { + outmsg = + "
" // begin message wrapper + + "
" // begin avatar + + "" + + "
" // end avatar + + "
" // begin content + + "
" // begin header + + "" // begin header info on left side + + "" // FIXME link to user profile + + msg.from + + "" // end username + + "" + + msg.time + + "" // end msgdate + + "" // end header info on left side + + "" // begin buttons on right side + + + "" // Reply + + "" + + " " + + _("Reply") + + "" + + + "" // ReplyQuoted + + "" + + " " + + _("ReplyQuoted") + + "" + + + "" // Delete , show only with permission FIXME + + " " + + _("Delete") + + "" + + + ""; // end buttons on right side + if (msg.subj) { + outmsg += + "
" + msg.subj + ""; + } outmsg += - "
" + msg.subj + ""; + "

" // end header + + "
" // begin body + + msg.text + + "
" // end body + + "
" // end content + + "
" // end wrapper + ; + } + catch(err) { + outmsg = "
" + err.message + "
"; } - outmsg += - "

" // end header - + "
" // begin body - + msg.text - + "
" // end body - + "
" // end content - + "
" // end wrapper - + "
" // end message div - ; - return(outmsg); + div.innerHTML = outmsg; + return(div); } -- 2.39.2