forgejo/web_src/js/features/repo-settings.js
Gusted 661d3d28e9
Prevent possible XSS when using jQuery (#18289)
If a developer misuses or misunderstands the API such that `sel` can
receive user-controlled data, jQuery `$(sel)` can lead to the creation of
a new element. Current usage is hard-coded selectors in the templates,
but nothing prevents that from expanding to user-controlled input somehow.
2022-01-16 13:14:32 +08:00


import {createMonaco} from './codeeditor.js';
import {initRepoCommonFilterSearchDropdown} from './repo-common.js';
// Page-level values read from the global window.config object.
const appSubUrl = window.config.appSubUrl;
const csrfToken = window.config.csrfToken;
/**
 * Wire up the collaborator access-mode menu on the collaboration settings
 * page: clicking an item POSTs the selected mode for that collaborator to
 * the URL carried on the menu element (`data-url`), along with the CSRF token.
 */
export function initRepoSettingsCollaboration() {
  $('.access-mode.menu .item').on('click', function () {
    const $item = $(this);
    const $menu = $item.parent();
    const payload = {
      _csrf: csrfToken,
      uid: $menu.data('uid'),
      mode: $item.data('value'),
    };
    // The response is not consumed here.
    $.post($menu.data('url'), payload);
  });
}
/**
 * Initialise the team search box (`#search-team-box`) as a Fomantic search
 * widget backed by the organisation team search API. The organisation name
 * comes from the box's `data-org` attribute; each API result is shown as
 * "<name> (<permission> access)".
 *
 * NOTE(review): the result title is rendered by the search widget's result
 * template; this relies on that template HTML-escaping the title — confirm.
 */
export function initRepoSettingSearchTeamBox() {
  const $searchTeamBox = $('#search-team-box');
  const orgName = $searchTeamBox.data('org');

  const toResults = (response) => {
    const results = [];
    $.each(response.data, (_i, item) => {
      results.push({title: `${item.name} (${item.permission} access)`});
    });
    return {results};
  };

  $searchTeamBox.search({
    minCharacters: 2,
    apiSettings: {
      url: `${appSubUrl}/api/v1/orgs/${orgName}/teams/search?q={query}`,
      headers: {'X-Csrf-Token': csrfToken},
      onResponse: toResults,
    },
    searchFields: ['name', 'description'],
    showNoResults: false,
  });
}
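/**
 * Initialise the Monaco editor on the Git hook edit page (`.edit.githook`).
 * The hook's filename is read from `.hook-filename` and the editor is set
 * to shell syntax. No-op on any other page.
 */
export function initRepoSettingGitHook() {
  if ($('.edit.githook').length === 0) return;
  const filename = document.querySelector('.hook-filename').textContent;
  // createMonaco returns a promise; nothing here depends on the editor being
  // ready, so the result is deliberately discarded (previously kept in an
  // unused `_promise` local).
  void createMonaco(document.querySelector('#content'), filename, {language: 'shell'});
}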
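/**
 * Initialise the branch protection settings page
 * (`.repository.settings.branches`): the protected-branch filter dropdown
 * and the checkboxes that enable or disable dependent form sections.
 *
 * Each checkbox carries a `data-target` selector; the matching elements get
 * the `disabled` class toggled. Targets are resolved with
 * `$(document).find(selector)`, which only selects existing elements and,
 * unlike `$(selector)`, never parses its argument as HTML.
 */
export function initRepoSettingBranches() {
  if ($('.repository.settings.branches').length === 0) return;

  initRepoCommonFilterSearchDropdown('.protected-branches .dropdown');

  // Resolve a checkbox's data-target to a jQuery collection.
  // `$.find` is Sizzle and returns a plain array with no jQuery methods,
  // so `$.find(...).addClass(...)` throws; use a document-scoped find instead.
  const targetOf = (checkbox) => $(document).find($(checkbox).data('target'));

  $('.enable-protection, .enable-whitelist, .enable-statuscheck').on('change', function () {
    // checked -> enable the dependent section; unchecked -> disable it
    targetOf(this).toggleClass('disabled', !this.checked);
  });

  $('.disable-whitelist').on('change', function () {
    // Only ever disables; unchecking leaves the section untouched.
    if (this.checked) {
      targetOf(this).addClass('disabled');
    }
  });
}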