Commit 45a18976ee628f722a4322d3d7fa61970d08af4f
Improve type checking
- Make sure value is string before passing it to hyperscript, otherwise it could be an object with property "innerHTML" which would get included without escaping. - Make sure value is truthy (or != null) before dereferencing it. - Make sure value is array before calling array methods on it.cel committed on 9/1/2018, 1:52:01 AM
Parent: d55a613b25d45fdb9ba202633cd669d3ab0ca37a
Files changed
| render.js | changed |
| render.js | |||
|---|---|---|---|
| @@ -448,23 +448,23 @@ | |||
| 448 | 448 … | h('a', { href: base + encodeURIComponent(c.vote.link) }, linkedText), | |
| 449 | 449 … | channel]); | |
| 450 | 450 … | } else if (c.type == "vote") { | |
| 451 | 451 … | var linkedText = "this"; | |
| 452 | - if (typeof c.vote.linkedText != "undefined") | ||
| 452 … | + if (c.vote && typeof c.vote.linkedText === "string") | ||
| 453 | 453 … | linkedText = c.vote.linkedText.substring(0, 75); | |
| 454 | 454 … | return h('span.status', | |
| 455 | 455 … | ['Voted ', | |
| 456 | 456 … | h('a', { href: base + encodeURIComponent(c.vote.link) }, linkedText)]); | |
| 457 | 457 … | } else if (c.type == "contact" && c.following) { | |
| 458 | 458 … | var name = c.contact; | |
| 459 | - if (typeof c.contactAbout != "undefined") | ||
| 459 … | + if (c.contactAbout) | ||
| 460 | 460 … | name = c.contactAbout.name; | |
| 461 | 461 … | return h('span.status', | |
| 462 | 462 … | ['Followed ', | |
| 463 | 463 … | h('a', { href: base + c.contact }, name)]); | |
| 464 | 464 … | } else if (c.type == "contact" && !c.following) { | |
| 465 | 465 … | var name = c.contact; | |
| 466 | - if (typeof c.contactAbout != "undefined") | ||
| 466 … | + if (c.contactAbout) | ||
| 467 | 467 … | name = c.contactAbout.name; | |
| 468 | 468 … | return h('span.status', | |
| 469 | 469 … | ['Unfollowed ', | |
| 470 | 470 … | h('a', { href: base + c.contact }, name)]); | |
| @@ -481,9 +481,9 @@ | |||
| 481 | 481 … | } | |
| 482 | 482 … | else if (c.type == "issue") { | |
| 483 | 483 … | return [h('span.status', | |
| 484 | 484 … | "Created a git issue" + | |
| 485 | - (c.repoName != undefined ? " in repo " + c.repoName : ""), | ||
| 485 … | + (c.repoName ? " in repo " + c.repoName : ""), | ||
| 486 | 486 … | renderPost(opts, id, c))]; | |
| 487 | 487 … | } | |
| 488 | 488 … | else if (c.type == "git-repo") { | |
| 489 | 489 … | return h('span.status', | |
| @@ -493,17 +493,18 @@ | |||
| 493 | 493 … | var s = h('span.status'); | |
| 494 | 494 … | s.innerHTML = "Did a git update " + | |
| 495 | 495 … | (c.repoName != undefined ? " in repo " + escape(c.repoName) : "") + | |
| 496 | 496 … | '<br>' + | |
| 497 | - (c.commits != undefined ? | ||
| 498 | - c.commits.map(com => { return "-" +escape(com.title); }).join('<br>') : ""); | ||
| 497 … | + (Array.isArray(c.commits) ? | ||
| 498 … | + c.commits.filter(Boolean).map(com => { return "-" +escape(com.title || com.sha1); }).join('<br>') : ""); | ||
| 499 | 499 … | return s; | |
| 500 | 500 … | } | |
| 501 | 501 … | else if (c.type == "ssb-dns") { | |
| 502 | 502 … | return [h('span.status', 'Updated DNS'), renderDefault(c)]; | |
| 503 | 503 … | } | |
| 504 | 504 … | else if (c.type == "pub") { | |
| 505 | - return h('span.status', 'Connected to the pub ' + c.address.host); | ||
| 505 … | + var host = c.address && c.address.host | ||
| 506 … | + return h('span.status', 'Connected to the pub ' + host); | ||
| 506 | 507 … | } | |
| 507 | 508 … | else if (c.type == "npm-packages") { | |
| 508 | 509 … | return [h('span.status', 'Pushed npm packages')]; | |
| 509 | 510 … | } | |
| @@ -530,23 +531,24 @@ | |||
| 530 | 531 … | ||
| 531 | 532 … | var s = h('section'); | |
| 532 | 533 … | s.innerHTML = marked(String(c.blogContent), opts.marked) | |
| 533 | 534 … | ||
| 534 | - return [channel, h('h2', c.title), s]; | ||
| 535 … | + return [channel, h('h2', String(c.title)), s]; | ||
| 535 | 536 … | } | |
| 536 | 537 … | else if (c.type === 'gathering') { | |
| 537 | 538 … | return h('div', renderGathering(opts, id, c)) | |
| 538 | 539 … | } | |
| 539 | 540 … | else return renderDefault(c); | |
| 540 | 541 … | } | |
| 541 | 542 … | ||
| 542 | 543 … | function renderGathering(opts, id, c) { | |
| 543 | - const title = h('h2', c.about.title) | ||
| 544 | - const time = h('h3', new Date(c.about.startDateTime.epoch).toUTCString()) | ||
| 544 … | + const title = h('h2', String(c.about.title)) | ||
| 545 … | + const startEpoch = c.about.startDateTime && c.about.startDateTime.epoch | ||
| 546 … | + const time = startEpoch ? h('h3', new Date(startEpoch).toUTCString()) : '' | ||
| 545 | 547 … | const image = h('p', h('img', { src: opts.img_base + c.about.image })) | |
| 546 | 548 … | const attending = h('h3.attending', c.numberAttending + ' attending') | |
| 547 | 549 … | const desc = h('div') | |
| 548 | - desc.innerHTML = marked(c.about.description, opts.marked) | ||
| 550 … | + desc.innerHTML = marked(String(c.about.description), opts.marked) | ||
| 549 | 551 … | return h('section', | |
| 550 | 552 … | [title, | |
| 551 | 553 … | time, | |
| 552 | 554 … | image, | |
Built with git-ssb-web