git ssb

0+

Daan Patchwork / ssb-viewer



forked from cel / ssb-viewer

Commit 45a18976ee628f722a4322d3d7fa61970d08af4f

Browse Files

Improve type checking

- Make sure value is string before passing it to hyperscript,
  otherwise it could be an object with property "innerHTML" which would
  get included without escaping.
- Make sure value is truthy (or != null) before dereferencing it.
- Make sure value is array before calling array methods on it.
cel committed on 9/1/2018, 1:52:01 AM
Parent: d55a613b25d45fdb9ba202633cd669d3ab0ca37a

Files changed

render.jschanged
render.jsView
@@ -448,23 +448,23 @@
448448 h('a', { href: base + encodeURIComponent(c.vote.link) }, linkedText),
449449 channel]);
450450 } else if (c.type == "vote") {
451451 var linkedText = "this";
452- if (typeof c.vote.linkedText != "undefined")
452+ if (c.vote && typeof c.vote.linkedText === "string")
453453 linkedText = c.vote.linkedText.substring(0, 75);
454454 return h('span.status',
455455 ['Voted ',
456456 h('a', { href: base + encodeURIComponent(c.vote.link) }, linkedText)]);
457457 } else if (c.type == "contact" && c.following) {
458458 var name = c.contact;
459- if (typeof c.contactAbout != "undefined")
459+ if (c.contactAbout)
460460 name = c.contactAbout.name;
461461 return h('span.status',
462462 ['Followed ',
463463 h('a', { href: base + c.contact }, name)]);
464464 } else if (c.type == "contact" && !c.following) {
465465 var name = c.contact;
466- if (typeof c.contactAbout != "undefined")
466+ if (c.contactAbout)
467467 name = c.contactAbout.name;
468468 return h('span.status',
469469 ['Unfollowed ',
470470 h('a', { href: base + c.contact }, name)]);
@@ -481,9 +481,9 @@
481481 }
482482 else if (c.type == "issue") {
483483 return [h('span.status',
484484 "Created a git issue" +
485- (c.repoName != undefined ? " in repo " + c.repoName : ""),
485+ (c.repoName ? " in repo " + c.repoName : ""),
486486 renderPost(opts, id, c))];
487487 }
488488 else if (c.type == "git-repo") {
489489 return h('span.status',
@@ -493,17 +493,18 @@
493493 var s = h('span.status');
494494 s.innerHTML = "Did a git update " +
495495 (c.repoName != undefined ? " in repo " + escape(c.repoName) : "") +
496496 '<br>' +
497- (c.commits != undefined ?
498- c.commits.map(com => { return "-" +escape(com.title); }).join('<br>') : "");
497+ (Array.isArray(c.commits) ?
498+ c.commits.filter(Boolean).map(com => { return "-" +escape(com.title || com.sha1); }).join('<br>') : "");
499499 return s;
500500 }
501501 else if (c.type == "ssb-dns") {
502502 return [h('span.status', 'Updated DNS'), renderDefault(c)];
503503 }
504504 else if (c.type == "pub") {
505- return h('span.status', 'Connected to the pub ' + c.address.host);
505+ var host = c.address && c.address.host
506+ return h('span.status', 'Connected to the pub ' + host);
506507 }
507508 else if (c.type == "npm-packages") {
508509 return [h('span.status', 'Pushed npm packages')];
509510 }
@@ -530,23 +531,24 @@
530531
531532 var s = h('section');
532533 s.innerHTML = marked(String(c.blogContent), opts.marked)
533534
534- return [channel, h('h2', c.title), s];
535+ return [channel, h('h2', String(c.title)), s];
535536 }
536537 else if (c.type === 'gathering') {
537538 return h('div', renderGathering(opts, id, c))
538539 }
539540 else return renderDefault(c);
540541 }
541542
542543 function renderGathering(opts, id, c) {
543- const title = h('h2', c.about.title)
544- const time = h('h3', new Date(c.about.startDateTime.epoch).toUTCString())
544+ const title = h('h2', String(c.about.title))
545+ const startEpoch = c.about.startDateTime && c.about.startDateTime.epoch
546+ const time = startEpoch ? h('h3', new Date(startEpoch).toUTCString()) : ''
545547 const image = h('p', h('img', { src: opts.img_base + c.about.image }))
546548 const attending = h('h3.attending', c.numberAttending + ' attending')
547549 const desc = h('div')
548- desc.innerHTML = marked(c.about.description, opts.marked)
550+ desc.innerHTML = marked(String(c.about.description), opts.marked)
549551 return h('section',
550552 [title,
551553 time,
552554 image,

Built with git-ssb-web