Room links in iconbar roomlist now properly escaped with encodeURIcomponent()
authorArt Cancro <ajc@uncensored.citadel.org>
Tue, 20 Sep 2011 19:42:11 +0000 (15:42 -0400)
committerWilfried Goesgens <dothebart@citadel.org>
Tue, 18 Oct 2011 18:57:04 +0000 (20:57 +0200)
webcit/iconbar.c
webcit/static/wclib.js

index bdcadfb..7a6e39d 100644 (file)
@@ -133,7 +133,7 @@ void LoadIconSettings(StrBuf *iconbar, long lvalue)
        {
                WCC->IBSettingsVec = (long*) malloc (nIBV * sizeof(long));
        }
-       /**
+       /*
         * The initialized values of these variables also happen to
         * specify the default values for users who haven't customized
         * their iconbars.  These should probably be set in a master
index 31a0d7b..e8c0c4e 100644 (file)
@@ -270,7 +270,7 @@ function addRoomToList(floorUL,room, roomToEmphasize) {
   var hasNewMsgs = ((raflags & UA_HASNEWMSGS) == UA_HASNEWMSGS);
   var roomLI = document.createElement("li");
   var roomA = document.createElement("a");
-  roomA.setAttribute("href","dotgoto?room="+roomName);
+  roomA.setAttribute("href","dotgoto?room="+encodeURIComponent(roomName));
   roomA.appendChild(document.createTextNode(roomName));
   roomLI.appendChild(roomA);
   floorUL.appendChild(roomLI);