zefie/minisrv
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

prefer wtvshared.escape over encodeURIComponent

Browse Source
This commit is contained in:
zefie
2025-08-14 18:57:37 -04:00
parent 54b960a840
commit e7d16387da
27 changed files with 223 additions and 205 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
zefie_wtvp_minisrv/includes/ServiceVault/wtv-mail/readmail.js
View File

@@ -244,7 +244,7 @@ From:
<td width=10>
<td>`;
if (message.from_name !== message.from_addr) {
data += `${wtvshared.htmlEntitize(message.from_addr)} <a href="client:showalert?sound=none&message=To%20add%20%3Cblackface%3E${encodeURIComponent(encodeURIComponent(message.from_name))}%3C%2Fblackface%3E%20to%20your%20Address%20book,%20choose%20%3Cb%3EAdd%3C%2Fb%3E.&buttonlabel2=Cancel&buttonaction2=client:donothing&buttonlabel1=Add&buttonaction1=wtv-mail:/addressbook%3Faction%3Deditfromheader%26noresponse%3Dtrue%26nickname%3D${encodeURIComponent(encodeURIComponent(message.from_name))}%26address%3D${encodeURIComponent(encodeURIComponent(message.from_addr))}%26new_address%3Dtrue">(${wtvshared.htmlEntitize(message.from_name)})</a>`;
data += `${wtvshared.htmlEntitize(message.from_addr)} <a href="client:showalert?sound=none&message=To%20add%20%3Cblackface%3E${wtvshared.escape(wtvshared.escape(message.from_name))}%3C%2Fblackface%3E%20to%20your%20Address%20book,%20choose%20%3Cb%3EAdd%3C%2Fb%3E.&buttonlabel2=Cancel&buttonaction2=client:donothing&buttonlabel1=Add&buttonaction1=wtv-mail:/addressbook%3Faction%3Deditfromheader%26noresponse%3Dtrue%26nickname%3D${wtvshared.escape(wtvshared.escape(message.from_name))}%26address%3D${wtvshared.escape(wtvshared.escape(message.from_addr))}%26new_address%3Dtrue">(${wtvshared.htmlEntitize(message.from_name)})</a>`;
} else {
data += `${wtvshared.htmlEntitize(message.from_addr)}`;
}

2
zefie_wtvp_minisrv/includes/ServiceVault/wtv-mail/sendmail.js
View File

@@ -6,7 +6,7 @@ let message_voicemail_data = null;
const intro_seen = session_data.mailstore.checkMailIntroSeen();
if (!intro_seen && !request_headers.query.intro_seen) {
// user is trying to bypass the intro screen
headers = "300 OK\nLocation: wtv-mail:/DiplomaMail?came-from=" + encodeURIComponent(request_headers.request_url);
headers = "300 OK\nLocation: wtv-mail:/DiplomaMail?came-from=" + wtvshared.escape(request_headers.request_url);
} else if (request_headers.query.clear === "true") {
let gourl;
if (request_headers.Referer)