public/tt-rss
1
0
Fork 0
mirror of https://git.tt-rss.org/git/tt-rss.git synced 2025-12-13 15:15:56 +00:00
Code Issues Releases Wiki Activity

Replace all setTimeout strings with functions

Browse Source 
This fixes a cross-site scripting vulnerability.

Signed-off-by: Anders Kaseorg <andersk@mit.edu>
This commit is contained in:
Anders Kaseorg
2017-01-20 13:13:31 -05:00
parent 0047f2578f
commit 88946d331a
5 changed files with 9 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
js/prefs.js
View File

@@ -901,10 +901,10 @@ function init_second_stage() {
if (method == 'editFeed') {
var param = getURLParam('methodparam');
window.setTimeout('editFeed(' + param + ')', 100);
window.setTimeout(function() { editFeed(param) }, 100);
}
setTimeout("hotkey_prefix_timeout()", 5*1000);
setTimeout(hotkey_prefix_timeout, 5*1000);
} catch (e) {
exception_error("init_second_stage", e);