github
/
AdminLTE
mirror of https://github.com/ColorlibHQ/AdminLTE
1
0
Fork 0
Code Issues Releases Wiki Activity

Fix XSS in calendar.html (#2868) 

* Fix XSS in calendar.html

* Remove console.log
pull/2965/head
XhmikosR 2020-07-15 10:54:06 +03:00 committed by GitHub
parent d114eabfe6
commit 903143a1e1
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 8 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

17
pages/calendar.html
View File

@ -889,7 +889,6 @@
new Draggable(containerEl, { new Draggable(containerEl, {
itemSelector: '.external-event', itemSelector: '.external-event',
eventData: function(eventEl) { eventData: function(eventEl) {
console.log(eventEl);
return { return {
title: eventEl.innerText, title: eventEl.innerText,
backgroundColor: window.getComputedStyle( eventEl ,null).getPropertyValue('background-color'), backgroundColor: window.getComputedStyle( eventEl ,null).getPropertyValue('background-color'),
@ -971,12 +970,12 @@
/* ADDING EVENTS */ /* ADDING EVENTS */
var currColor = '#3c8dbc' //Red by default var currColor = '#3c8dbc' //Red by default
//Color chooser button // Color chooser button
$('#color-chooser > li > a').click(function (e) { $('#color-chooser > li > a').click(function (e) {
e.preventDefault() e.preventDefault()
//Save color // Save color
currColor = $(this).css('color') currColor = $(this).css('color')
//Add color effect to button // Add color effect to button
$('#add-new-event').css({ $('#add-new-event').css({
'background-color': currColor, 'background-color': currColor,
'border-color' : currColor 'border-color' : currColor
@ -984,26 +983,26 @@
}) })
$('#add-new-event').click(function (e) { $('#add-new-event').click(function (e) {
e.preventDefault() e.preventDefault()
//Get value and make sure it is not null // Get value and make sure it is not null
var val = $('#new-event').val() var val = $('#new-event').val()
if (val.length == 0) { if (val.length == 0) {
return return
} }
//Create events // Create events
var event = $('<div />') var event = $('<div />')
event.css({ event.css({
'background-color': currColor, 'background-color': currColor,
'border-color' : currColor, 'border-color' : currColor,
'color' : '#fff' 'color' : '#fff'
}).addClass('external-event') }).addClass('external-event')
event.html(val) event.text(val)
$('#external-events').prepend(event) $('#external-events').prepend(event)
//Add draggable funtionality // Add draggable funtionality
ini_events(event) ini_events(event)
//Remove event from text input // Remove event from text input
$('#new-event').val('') $('#new-event').val('')
}) })
}) })