Andreas/evennia
1
0
Fork 0
mirror of https://github.com/evennia/evennia.git synced 2026-03-16 21:06:30 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

Fix potential security issue with goldenlayout DOM usage

Browse source
This commit is contained in:
Griatch 2024-03-17 12:29:13 +01:00
parent a24b384e00
commit abbe52c72c
1 changed files with 10 additions and 6 deletions
Download patch file Download diff file Expand all files Collapse all files

16
evennia/web/static/webclient/js/plugins/goldenlayout.js
View file

@ -565,25 +565,29 @@ let goldenlayout = (function () {
uploadLayouts();
}
//
//
// This is a helper function for when adding items from the OptionsUI's layout listing
var addLayoutUI = function (layoutDiv, name) {
var div = $("<div id='"+name+"' >");
// Create a div and set its id property
var div = $("<div>").attr("id", name);
var option = $("<input type='button' class='goldenlayout' value='"+name+"'>");
// Create an option button and add click event listener
var option = $("<input>", { type: "button", class: "goldenlayout", value: name });
option.on("click", onSwitchLayout);
div.append(option);
if( name !== "default" && name !== activeLayoutName ) {
var remove = $("<input type='button' class='removelayout' value='X'>");
// Conditionally add a remove button
if (name !== "default" && name !== activeLayoutName) {
var remove = $("<input>", { type: "button", class: "removelayout", value: "X" });
remove.on("click", onRemoveLayout);
div.append(remove);
}
// Append the created div to the layoutDiv
layoutDiv.append(div);
}
// Listener for realtime changes to the layout name input field.
// If the layout name is "default", the save button is disabled
// to prevent the perception of overwriting the default layout.