public/tt-rss
1
0
Fork 0
mirror of https://git.tt-rss.org/git/tt-rss.git synced 2025-12-13 16:45:55 +00:00
Code Issues Releases Wiki Activity

Replace all setTimeout strings with functions

Browse Source 
This fixes a cross-site scripting vulnerability.

Signed-off-by: Anders Kaseorg <andersk@mit.edu>
This commit is contained in:
Anders Kaseorg
2017-01-20 13:13:31 -05:00
parent 0047f2578f
commit 88946d331a
5 changed files with 9 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
js/tt-rss.js
View File

@@ -159,7 +159,7 @@ function viewCurrentFeed(method) {
function timeout() {
if (getInitParam("bw_limit") != "1") {
request_counters();
setTimeout("timeout()", 60*1000);
setTimeout(timeout, 60*1000);
}
}
@@ -654,7 +654,7 @@ function init_second_stage() {
if (getInitParam("simple_update")) {
console.log("scheduling simple feed updater...");
window.setTimeout("update_random_feed()", 30*1000);
window.setTimeout(update_random_feed, 30*1000);
}
} catch (e) {
@@ -1130,7 +1130,7 @@ function update_random_feed() {
parameters: "op=rpc&method=updateRandomFeed",
onComplete: function(transport) {
handle_rpc_json(transport, true);
window.setTimeout("update_random_feed()", 30*1000);
window.setTimeout(update_random_feed, 30*1000);
} });
} catch (e) {