public/tt-rss
1
0
Fork 0
mirror of https://git.tt-rss.org/git/tt-rss.git synced 2025-12-14 02:45:56 +00:00
Code Issues Releases Wiki Activity

Replace all setTimeout strings with functions

Browse Source 
This fixes a cross-site scripting vulnerability.

Signed-off-by: Anders Kaseorg <andersk@mit.edu>
This commit is contained in:
Anders Kaseorg
2017-01-20 13:13:31 -05:00
parent 0047f2578f
commit 88946d331a
5 changed files with 9 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
js/functions.js
View File

@@ -668,7 +668,7 @@ function hotkey_prefix_timeout() {
Element.hide('cmdline');
}
setTimeout("hotkey_prefix_timeout()", 1000);
setTimeout(hotkey_prefix_timeout, 1000);
} catch (e) {
exception_error("hotkey_prefix_timeout", e);
@@ -1325,7 +1325,7 @@ function unsubscribeFeed(feed_id, title) {
updateFeedList();
} else {
if (feed_id == getActiveFeedId())
setTimeout("viewfeed({feed:-5})", 100);
setTimeout(function() { viewfeed({feed:-5}) }, 100);
if (feed_id < 0) updateFeedList();
}