ui: use DOMPurify to sanitize inputs to bootbox
parent
7f998b7ed1
commit
4164ec1fcb
|
@ -1,15 +1,16 @@
|
||||||
{
|
{
|
||||||
"name": "8bitworkshop",
|
"name": "8bitworkshop",
|
||||||
"version": "3.9.1",
|
"version": "3.10.0",
|
||||||
"lockfileVersion": 2,
|
"lockfileVersion": 2,
|
||||||
"requires": true,
|
"requires": true,
|
||||||
"packages": {
|
"packages": {
|
||||||
"": {
|
"": {
|
||||||
"name": "8bitworkshop",
|
"name": "8bitworkshop",
|
||||||
"version": "3.9.1",
|
"version": "3.10.0",
|
||||||
"license": "GPL-3.0",
|
"license": "GPL-3.0",
|
||||||
"dependencies": {
|
"dependencies": {
|
||||||
"@types/chroma-js": "^2.1.3",
|
"@types/chroma-js": "^2.1.3",
|
||||||
|
"@types/dompurify": "^2.3.4",
|
||||||
"@types/emscripten": "^1.39.5",
|
"@types/emscripten": "^1.39.5",
|
||||||
"@types/js-yaml": "^4.0.5",
|
"@types/js-yaml": "^4.0.5",
|
||||||
"@wasmer/wasi": "^0.12.0",
|
"@wasmer/wasi": "^0.12.0",
|
||||||
|
@ -17,6 +18,7 @@
|
||||||
"binaryen": "^101.0.0",
|
"binaryen": "^101.0.0",
|
||||||
"chroma-js": "^2.1.2",
|
"chroma-js": "^2.1.2",
|
||||||
"clipboard": "^2.0.6",
|
"clipboard": "^2.0.6",
|
||||||
|
"dompurify": "^2.4.0",
|
||||||
"error-stack-parser": "^2.0.6",
|
"error-stack-parser": "^2.0.6",
|
||||||
"fast-png": "^5.0.4",
|
"fast-png": "^5.0.4",
|
||||||
"file-saver": "^2.0.5",
|
"file-saver": "^2.0.5",
|
||||||
|
@ -445,6 +447,14 @@
|
||||||
"resolved": "https://registry.npmjs.org/@types/chroma-js/-/chroma-js-2.1.3.tgz",
|
"resolved": "https://registry.npmjs.org/@types/chroma-js/-/chroma-js-2.1.3.tgz",
|
||||||
"integrity": "sha512-1xGPhoSGY1CPmXLCBcjVZSQinFjL26vlR8ZqprsBWiFyED4JacJJ9zHhh5aaUXqbY9B37mKQ73nlydVAXmr1+g=="
|
"integrity": "sha512-1xGPhoSGY1CPmXLCBcjVZSQinFjL26vlR8ZqprsBWiFyED4JacJJ9zHhh5aaUXqbY9B37mKQ73nlydVAXmr1+g=="
|
||||||
},
|
},
|
||||||
|
"node_modules/@types/dompurify": {
|
||||||
|
"version": "2.3.4",
|
||||||
|
"resolved": "https://registry.npmjs.org/@types/dompurify/-/dompurify-2.3.4.tgz",
|
||||||
|
"integrity": "sha512-EXzDatIb5EspL2eb/xPGmaC8pePcTHrkDCONjeisusLFrVfl38Pjea/R0YJGu3k9ZQadSvMqW0WXPI2hEo2Ajg==",
|
||||||
|
"dependencies": {
|
||||||
|
"@types/trusted-types": "*"
|
||||||
|
}
|
||||||
|
},
|
||||||
"node_modules/@types/emscripten": {
|
"node_modules/@types/emscripten": {
|
||||||
"version": "1.39.6",
|
"version": "1.39.6",
|
||||||
"resolved": "https://registry.npmjs.org/@types/emscripten/-/emscripten-1.39.6.tgz",
|
"resolved": "https://registry.npmjs.org/@types/emscripten/-/emscripten-1.39.6.tgz",
|
||||||
|
@ -563,6 +573,11 @@
|
||||||
"integrity": "sha512-Hl219/BT5fLAaz6NDkSuhzasy49dwQS/DSdu4MdggFB8zcXv7vflBI3xp7FEmkmdDkBUI2bPUNeMttp2knYdxw==",
|
"integrity": "sha512-Hl219/BT5fLAaz6NDkSuhzasy49dwQS/DSdu4MdggFB8zcXv7vflBI3xp7FEmkmdDkBUI2bPUNeMttp2knYdxw==",
|
||||||
"dev": true
|
"dev": true
|
||||||
},
|
},
|
||||||
|
"node_modules/@types/trusted-types": {
|
||||||
|
"version": "2.0.2",
|
||||||
|
"resolved": "https://registry.npmjs.org/@types/trusted-types/-/trusted-types-2.0.2.tgz",
|
||||||
|
"integrity": "sha512-F5DIZ36YVLE+PN+Zwws4kJogq47hNgX3Nx6WyDJ3kcplxyke3XIzB8uK5n/Lpm1HBsbGzd6nmGehL8cPekP+Tg=="
|
||||||
|
},
|
||||||
"node_modules/@types/yargs": {
|
"node_modules/@types/yargs": {
|
||||||
"version": "16.0.4",
|
"version": "16.0.4",
|
||||||
"resolved": "https://registry.npmjs.org/@types/yargs/-/yargs-16.0.4.tgz",
|
"resolved": "https://registry.npmjs.org/@types/yargs/-/yargs-16.0.4.tgz",
|
||||||
|
@ -1749,6 +1764,11 @@
|
||||||
"webidl-conversions": "^4.0.2"
|
"webidl-conversions": "^4.0.2"
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
|
"node_modules/dompurify": {
|
||||||
|
"version": "2.4.0",
|
||||||
|
"resolved": "https://registry.npmjs.org/dompurify/-/dompurify-2.4.0.tgz",
|
||||||
|
"integrity": "sha512-Be9tbQMZds4a3C6xTmz68NlMfeONA//4dOavl/1rNw50E+/QO0KVpbcU0PcaW0nsQxurXls9ZocqFxk8R2mWEA=="
|
||||||
|
},
|
||||||
"node_modules/dotenv": {
|
"node_modules/dotenv": {
|
||||||
"version": "10.0.0",
|
"version": "10.0.0",
|
||||||
"resolved": "https://registry.npmjs.org/dotenv/-/dotenv-10.0.0.tgz",
|
"resolved": "https://registry.npmjs.org/dotenv/-/dotenv-10.0.0.tgz",
|
||||||
|
@ -6980,6 +7000,14 @@
|
||||||
"resolved": "https://registry.npmjs.org/@types/chroma-js/-/chroma-js-2.1.3.tgz",
|
"resolved": "https://registry.npmjs.org/@types/chroma-js/-/chroma-js-2.1.3.tgz",
|
||||||
"integrity": "sha512-1xGPhoSGY1CPmXLCBcjVZSQinFjL26vlR8ZqprsBWiFyED4JacJJ9zHhh5aaUXqbY9B37mKQ73nlydVAXmr1+g=="
|
"integrity": "sha512-1xGPhoSGY1CPmXLCBcjVZSQinFjL26vlR8ZqprsBWiFyED4JacJJ9zHhh5aaUXqbY9B37mKQ73nlydVAXmr1+g=="
|
||||||
},
|
},
|
||||||
|
"@types/dompurify": {
|
||||||
|
"version": "2.3.4",
|
||||||
|
"resolved": "https://registry.npmjs.org/@types/dompurify/-/dompurify-2.3.4.tgz",
|
||||||
|
"integrity": "sha512-EXzDatIb5EspL2eb/xPGmaC8pePcTHrkDCONjeisusLFrVfl38Pjea/R0YJGu3k9ZQadSvMqW0WXPI2hEo2Ajg==",
|
||||||
|
"requires": {
|
||||||
|
"@types/trusted-types": "*"
|
||||||
|
}
|
||||||
|
},
|
||||||
"@types/emscripten": {
|
"@types/emscripten": {
|
||||||
"version": "1.39.6",
|
"version": "1.39.6",
|
||||||
"resolved": "https://registry.npmjs.org/@types/emscripten/-/emscripten-1.39.6.tgz",
|
"resolved": "https://registry.npmjs.org/@types/emscripten/-/emscripten-1.39.6.tgz",
|
||||||
|
@ -7097,6 +7125,11 @@
|
||||||
"integrity": "sha512-Hl219/BT5fLAaz6NDkSuhzasy49dwQS/DSdu4MdggFB8zcXv7vflBI3xp7FEmkmdDkBUI2bPUNeMttp2knYdxw==",
|
"integrity": "sha512-Hl219/BT5fLAaz6NDkSuhzasy49dwQS/DSdu4MdggFB8zcXv7vflBI3xp7FEmkmdDkBUI2bPUNeMttp2knYdxw==",
|
||||||
"dev": true
|
"dev": true
|
||||||
},
|
},
|
||||||
|
"@types/trusted-types": {
|
||||||
|
"version": "2.0.2",
|
||||||
|
"resolved": "https://registry.npmjs.org/@types/trusted-types/-/trusted-types-2.0.2.tgz",
|
||||||
|
"integrity": "sha512-F5DIZ36YVLE+PN+Zwws4kJogq47hNgX3Nx6WyDJ3kcplxyke3XIzB8uK5n/Lpm1HBsbGzd6nmGehL8cPekP+Tg=="
|
||||||
|
},
|
||||||
"@types/yargs": {
|
"@types/yargs": {
|
||||||
"version": "16.0.4",
|
"version": "16.0.4",
|
||||||
"resolved": "https://registry.npmjs.org/@types/yargs/-/yargs-16.0.4.tgz",
|
"resolved": "https://registry.npmjs.org/@types/yargs/-/yargs-16.0.4.tgz",
|
||||||
|
@ -8017,6 +8050,11 @@
|
||||||
"webidl-conversions": "^4.0.2"
|
"webidl-conversions": "^4.0.2"
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
|
"dompurify": {
|
||||||
|
"version": "2.4.0",
|
||||||
|
"resolved": "https://registry.npmjs.org/dompurify/-/dompurify-2.4.0.tgz",
|
||||||
|
"integrity": "sha512-Be9tbQMZds4a3C6xTmz68NlMfeONA//4dOavl/1rNw50E+/QO0KVpbcU0PcaW0nsQxurXls9ZocqFxk8R2mWEA=="
|
||||||
|
},
|
||||||
"dotenv": {
|
"dotenv": {
|
||||||
"version": "10.0.0",
|
"version": "10.0.0",
|
||||||
"resolved": "https://registry.npmjs.org/dotenv/-/dotenv-10.0.0.tgz",
|
"resolved": "https://registry.npmjs.org/dotenv/-/dotenv-10.0.0.tgz",
|
||||||
|
|
|
@ -11,6 +11,7 @@
|
||||||
"license": "GPL-3.0",
|
"license": "GPL-3.0",
|
||||||
"dependencies": {
|
"dependencies": {
|
||||||
"@types/chroma-js": "^2.1.3",
|
"@types/chroma-js": "^2.1.3",
|
||||||
|
"@types/dompurify": "^2.3.4",
|
||||||
"@types/emscripten": "^1.39.5",
|
"@types/emscripten": "^1.39.5",
|
||||||
"@types/js-yaml": "^4.0.5",
|
"@types/js-yaml": "^4.0.5",
|
||||||
"@wasmer/wasi": "^0.12.0",
|
"@wasmer/wasi": "^0.12.0",
|
||||||
|
@ -18,6 +19,7 @@
|
||||||
"binaryen": "^101.0.0",
|
"binaryen": "^101.0.0",
|
||||||
"chroma-js": "^2.1.2",
|
"chroma-js": "^2.1.2",
|
||||||
"clipboard": "^2.0.6",
|
"clipboard": "^2.0.6",
|
||||||
|
"dompurify": "^2.4.0",
|
||||||
"error-stack-parser": "^2.0.6",
|
"error-stack-parser": "^2.0.6",
|
||||||
"fast-png": "^5.0.4",
|
"fast-png": "^5.0.4",
|
||||||
"file-saver": "^2.0.5",
|
"file-saver": "^2.0.5",
|
||||||
|
|
|
@ -20,6 +20,7 @@ import { AssetEditorView } from "./views/asseteditor";
|
||||||
import { isMobileDevice } from "./views/baseviews";
|
import { isMobileDevice } from "./views/baseviews";
|
||||||
import { CallStackView, DebugBrowserView } from "./views/treeviews";
|
import { CallStackView, DebugBrowserView } from "./views/treeviews";
|
||||||
import { saveAs } from "file-saver";
|
import { saveAs } from "file-saver";
|
||||||
|
import DOMPurify = require("dompurify");
|
||||||
|
|
||||||
// external libs (TODO)
|
// external libs (TODO)
|
||||||
declare var Tour, GIF, Octokat;
|
declare var Tour, GIF, Octokat;
|
||||||
|
@ -141,12 +142,12 @@ function alertError(s:string) {
|
||||||
setWaitDialog(false);
|
setWaitDialog(false);
|
||||||
bootbox.alert({
|
bootbox.alert({
|
||||||
title: '<span class="glyphicon glyphicon-alert" aria-hidden="true"></span> Alert',
|
title: '<span class="glyphicon glyphicon-alert" aria-hidden="true"></span> Alert',
|
||||||
message: s
|
message: DOMPurify.sanitize(s)
|
||||||
});
|
});
|
||||||
}
|
}
|
||||||
function alertInfo(s:string) {
|
function alertInfo(s:string) {
|
||||||
setWaitDialog(false);
|
setWaitDialog(false);
|
||||||
bootbox.alert(s);
|
bootbox.alert(DOMPurify.sanitize(s));
|
||||||
}
|
}
|
||||||
function fatalError(s:string) {
|
function fatalError(s:string) {
|
||||||
alertError(s);
|
alertError(s);
|
||||||
|
@ -518,7 +519,7 @@ function handleFileUpload(files: FileList) {
|
||||||
} else {
|
} else {
|
||||||
qs.file = files[0].name;
|
qs.file = files[0].name;
|
||||||
bootbox.confirm({
|
bootbox.confirm({
|
||||||
message: "Open '" + qs.file + "' as main project file?",
|
message: "Open '" + DOMPurify.sanitize(qs.file) + "' as main project file?",
|
||||||
buttons: {
|
buttons: {
|
||||||
confirm: { label: "Open As New Project" },
|
confirm: { label: "Open As New Project" },
|
||||||
cancel: { label: "Include/Link With Project Later" },
|
cancel: { label: "Include/Link With Project Later" },
|
||||||
|
@ -558,7 +559,7 @@ function handleFileUpload(files: FileList) {
|
||||||
async function _openLocalDirectory(e) {
|
async function _openLocalDirectory(e) {
|
||||||
var pickerfn = window['showDirectoryPicker'];
|
var pickerfn = window['showDirectoryPicker'];
|
||||||
if (!pickerfn) {
|
if (!pickerfn) {
|
||||||
bootbox.alert(`This browser can't open local files on your computer, yet. Try Chrome.`);
|
alertError(`This browser can't open local files on your computer, yet. Try Chrome.`);
|
||||||
}
|
}
|
||||||
var dirHandle = await pickerfn();
|
var dirHandle = await pickerfn();
|
||||||
var repoid = dirHandle.name;
|
var repoid = dirHandle.name;
|
||||||
|
@ -577,7 +578,7 @@ async function _openLocalDirectory(e) {
|
||||||
|
|
||||||
async function promptUser(message: string) : Promise<string> {
|
async function promptUser(message: string) : Promise<string> {
|
||||||
return new Promise( (resolve, reject) => {
|
return new Promise( (resolve, reject) => {
|
||||||
bootbox.prompt(message, (result) => {
|
bootbox.prompt(DOMPurify.sanitize(message), (result) => {
|
||||||
resolve(result);
|
resolve(result);
|
||||||
});
|
});
|
||||||
});
|
});
|
||||||
|
@ -600,7 +601,7 @@ async function getLocalFilesystem(repoid: string) : Promise<ProjectFilesystem> {
|
||||||
granted = await dirHandle.requestPermission(options);
|
granted = await dirHandle.requestPermission(options);
|
||||||
}
|
}
|
||||||
if (granted !== 'granted') {
|
if (granted !== 'granted') {
|
||||||
bootbox.alert(`Could not get permission to access filesystem.`);
|
alertError(`Could not get permission to access filesystem.`);
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
return {
|
return {
|
||||||
|
@ -663,7 +664,7 @@ async function getGithubService() {
|
||||||
function getBoundGithubURL() : string {
|
function getBoundGithubURL() : string {
|
||||||
var toks = (repo_id||'').split('/');
|
var toks = (repo_id||'').split('/');
|
||||||
if (toks.length != 2) {
|
if (toks.length != 2) {
|
||||||
alertError("<p>You are not in a GitHub repository.</p><p>Choose one from the pulldown, or Import or Publish one.</p>");
|
alertError("You are not in a GitHub repository. Choose one from the pulldown, or Import or Publish one.");
|
||||||
return null;
|
return null;
|
||||||
}
|
}
|
||||||
return 'https://github.com/' + toks[0] + '/' + toks[1];
|
return 'https://github.com/' + toks[0] + '/' + toks[1];
|
||||||
|
@ -701,7 +702,7 @@ async function importProjectFromGithub(githuburl:string, replaceURL:boolean) {
|
||||||
}).catch( (e) => {
|
}).catch( (e) => {
|
||||||
setWaitDialog(false);
|
setWaitDialog(false);
|
||||||
console.log(e);
|
console.log(e);
|
||||||
alertError("<p>Could not import " + githuburl + ".</p>" + e);
|
alertError("Could not import " + githuburl + "." + e);
|
||||||
});
|
});
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -710,7 +711,7 @@ async function _loginToGithub(e) {
|
||||||
gh.login().then(() => {
|
gh.login().then(() => {
|
||||||
alertInfo("You are signed in to Github.");
|
alertInfo("You are signed in to Github.");
|
||||||
}).catch( (e) => {
|
}).catch( (e) => {
|
||||||
alertError("<p>Could not sign in.</p>" + e);
|
alertError("Could not sign in." + e);
|
||||||
});
|
});
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -809,13 +810,13 @@ function confirmCommit(sess) : Promise<GHSession> {
|
||||||
// anything changed?
|
// anything changed?
|
||||||
if (files.length == 0) {
|
if (files.length == 0) {
|
||||||
setWaitDialog(false);
|
setWaitDialog(false);
|
||||||
bootbox.alert("No files changed.");
|
alertInfo("No files changed.");
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
// build commit confirm message
|
// build commit confirm message
|
||||||
var msg = "";
|
var msg = "";
|
||||||
for (var f of files) {
|
for (var f of files) {
|
||||||
msg += f.filename + ": " + f.status;
|
msg += DOMPurify.sanitize(f.filename) + ": " + f.status;
|
||||||
if (f.additions || f.deletions || f.changes) {
|
if (f.additions || f.deletions || f.changes) {
|
||||||
msg += " (" + f.additions + " additions, " + f.deletions + " deletions, " + f.changes + " changes)";
|
msg += " (" + f.additions + " additions, " + f.deletions + " deletions, " + f.changes + " changes)";
|
||||||
};
|
};
|
||||||
|
@ -873,7 +874,7 @@ async function pushChangesToGithub(message:string) {
|
||||||
function _deleteRepository() {
|
function _deleteRepository() {
|
||||||
var ghurl = getBoundGithubURL();
|
var ghurl = getBoundGithubURL();
|
||||||
if (!ghurl) return;
|
if (!ghurl) return;
|
||||||
bootbox.prompt("<p>Are you sure you want to delete this repository (" + ghurl + ") from browser storage?</p><p>All changes since last commit will be lost.</p><p>Type DELETE to proceed.<p>", (yes) => {
|
bootbox.prompt("<p>Are you sure you want to delete this repository (" + DOMPurify.sanitize(ghurl) + ") from browser storage?</p><p>All changes since last commit will be lost.</p><p>Type DELETE to proceed.<p>", (yes) => {
|
||||||
if (yes.trim().toUpperCase() == "DELETE") {
|
if (yes.trim().toUpperCase() == "DELETE") {
|
||||||
deleteRepository();
|
deleteRepository();
|
||||||
}
|
}
|
||||||
|
@ -976,7 +977,7 @@ function _downloadCassetteFile_apple2(e) {
|
||||||
var blob = new Blob([audout], {type: "audio/wav"});
|
var blob = new Blob([audout], {type: "audio/wav"});
|
||||||
saveAs(blob, audpath);
|
saveAs(blob, audpath);
|
||||||
stdout += "Then connect your audio output to the cassette input, turn up the volume, and play the audio file.";
|
stdout += "Then connect your audio output to the cassette input, turn up the volume, and play the audio file.";
|
||||||
alertInfo('<pre style="white-space: pre-wrap">'+stdout+'</pre>');
|
alertInfo(stdout);
|
||||||
}
|
}
|
||||||
});
|
});
|
||||||
}
|
}
|
||||||
|
@ -1008,7 +1009,7 @@ function _downloadCassetteFile_vcs(e) {
|
||||||
let blob = new Blob([audout], {type: "audio/wav"});
|
let blob = new Blob([audout], {type: "audio/wav"});
|
||||||
saveAs(blob, audpath);
|
saveAs(blob, audpath);
|
||||||
stdout += "\nConnect your audio output to the SuperCharger input, turn up the volume, and play the audio file.";
|
stdout += "\nConnect your audio output to the SuperCharger input, turn up the volume, and play the audio file.";
|
||||||
alertInfo('<pre style="white-space: pre-wrap">'+stdout+'</pre>');
|
alertInfo(stdout);
|
||||||
}
|
}
|
||||||
});
|
});
|
||||||
});
|
});
|
||||||
|
@ -1037,7 +1038,7 @@ function _revertFile(e) {
|
||||||
if (wnd && wnd.setText) {
|
if (wnd && wnd.setText) {
|
||||||
var fn = projectWindows.getActiveID();
|
var fn = projectWindows.getActiveID();
|
||||||
$.get( "presets/"+getBasePlatform(platform_id)+"/"+fn, (text) => {
|
$.get( "presets/"+getBasePlatform(platform_id)+"/"+fn, (text) => {
|
||||||
bootbox.confirm("Reset '" + fn + "' to default?", (ok) => {
|
bootbox.confirm("Reset '" + DOMPurify.sanitize(fn) + "' to default?", (ok) => {
|
||||||
if (ok) {
|
if (ok) {
|
||||||
wnd.setText(text);
|
wnd.setText(text);
|
||||||
}
|
}
|
||||||
|
@ -1056,7 +1057,7 @@ function _deleteFile(e) {
|
||||||
var wnd = projectWindows.getActive();
|
var wnd = projectWindows.getActive();
|
||||||
if (wnd && wnd.getPath) {
|
if (wnd && wnd.getPath) {
|
||||||
var fn = projectWindows.getActiveID();
|
var fn = projectWindows.getActiveID();
|
||||||
bootbox.confirm("Delete '" + fn + "'?", (ok) => {
|
bootbox.confirm("Delete '" + DOMPurify.sanitize(fn) + "'?", (ok) => {
|
||||||
if (ok) {
|
if (ok) {
|
||||||
store.removeItem(fn).then( () => {
|
store.removeItem(fn).then( () => {
|
||||||
// if we delete what is selected
|
// if we delete what is selected
|
||||||
|
@ -1080,7 +1081,7 @@ function _renameFile(e) {
|
||||||
if (wnd && wnd.getPath && current_project.getFile(wnd.getPath())) {
|
if (wnd && wnd.getPath && current_project.getFile(wnd.getPath())) {
|
||||||
var fn = projectWindows.getActiveID();
|
var fn = projectWindows.getActiveID();
|
||||||
bootbox.prompt({
|
bootbox.prompt({
|
||||||
title: "Rename '" + fn + "' to?",
|
title: "Rename '" + DOMPurify.sanitize(fn) + "' to?",
|
||||||
value: fn,
|
value: fn,
|
||||||
callback: (newfn) => {
|
callback: (newfn) => {
|
||||||
var data = current_project.getFile(wnd.getPath());
|
var data = current_project.getFile(wnd.getPath());
|
||||||
|
@ -1823,8 +1824,8 @@ function addFileToProject(type, ext, linefn) {
|
||||||
var wnd = projectWindows.getActive();
|
var wnd = projectWindows.getActive();
|
||||||
if (wnd && wnd.insertText) {
|
if (wnd && wnd.insertText) {
|
||||||
bootbox.prompt({
|
bootbox.prompt({
|
||||||
title:"Add "+type+" File to Project",
|
title:"Add "+DOMPurify.sanitize(type)+" File to Project",
|
||||||
value:"filename"+ext,
|
value:"filename"+DOMPurify.sanitize(ext),
|
||||||
callback:(filename:string) => {
|
callback:(filename:string) => {
|
||||||
if (filename && filename.trim().length > 0) {
|
if (filename && filename.trim().length > 0) {
|
||||||
if (!checkEnteredFilename(filename)) return;
|
if (!checkEnteredFilename(filename)) return;
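Review bot: The file-name dialogs (`"Delete '" + DOMPurify.sanitize(fn) + "'?"`, and likewise in `_revertFile`, `_renameFile`, `handleFileUpload`, `confirmCommit`, and the `meta.label` prompt title in the waveform view) sanitize a value that is plain text instead of escaping it. DOMPurify strips script-capable markup but keeps benign tags, so a name containing `<b>`, `<a href>` or `<img src>` still renders as markup and the stripped parts vanish; the name shown in the confirm can then differ from the one `store.removeItem(fn)` acts on. For text values I would HTML-escape, e.g. a helper `const escapeHTML = (s:string) => s.replace(/[&<>"']/g, c => '&#' + c.charCodeAt(0) + ';');` used as `bootbox.confirm("Delete '" + escapeHTML(fn) + "'?", ...)`, and keep `DOMPurify.sanitize` in `alertError`/`alertInfo`, where the message is meant to carry HTML. `DOMPurify.sanitize(ext)` in the `value:` field looks unnecessary for the same reason and can alter the default file name, assuming bootbox assigns `value` as an input value and not as HTML, which this page does not show. All of these functions continue outside their hunks.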
|
||||||
|
|
|
@ -1,6 +1,7 @@
|
||||||
|
|
||||||
import { Toolbar } from "./toolbar";
|
import { Toolbar } from "./toolbar";
|
||||||
import { VirtualList } from "../common/vlist";
|
import { VirtualList } from "../common/vlist";
|
||||||
|
import DOMPurify from "dompurify";
|
||||||
|
|
||||||
const BUILTIN_INPUT_PORTS = [
|
const BUILTIN_INPUT_PORTS = [
|
||||||
'clk', 'reset',
|
'clk', 'reset',
|
||||||
|
@ -359,7 +360,7 @@ export class WaveformView {
|
||||||
//min: 0,
|
//min: 0,
|
||||||
//max: meta.len-1,
|
//max: meta.len-1,
|
||||||
//placeholder: rangestr,
|
//placeholder: rangestr,
|
||||||
title: `Enter new value for "${meta.label}" (${rangestr}):`,
|
title: `Enter new value for "${DOMPurify.sanitize(meta.label)}" (${rangestr}):`,
|
||||||
callback: (result) => {
|
callback: (result) => {
|
||||||
if (result != null) {
|
if (result != null) {
|
||||||
var value = parseInt(result);
|
var value = parseInt(result);
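Review bot: The default import added at the top of this file, `import DOMPurify from "dompurify";`, does not match the `import DOMPurify = require("dompurify");` form the same commit adds in the other TypeScript file. The default form depends on the compiler's `esModuleInterop`/`allowSyntheticDefaultImports` settings, which are not visible on this page; if they are off, `DOMPurify` may fail to type-check or be `undefined` at run time, and the `title:` template would throw before the prompt opens. I would use one form in both files, matching the project's tsconfig, e.g. `import DOMPurify = require("dompurify");` here as well. The callback body continues outside the hunk.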
|
||||||
|
|