	Template gameName into player-settings as a data attribute to avoid potential security risks.
		| @@ -106,7 +106,7 @@ games_list = { | |||||||
| # Player settings pages | # Player settings pages | ||||||
| @app.route('/games/<string:game>/player-settings') | @app.route('/games/<string:game>/player-settings') | ||||||
| def player_settings(game): | def player_settings(game): | ||||||
|     return render_template(f"player-settings.html") |     return render_template(f"player-settings.html", game=game) | ||||||
|  |  | ||||||
|  |  | ||||||
| # Game sub-pages | # Game sub-pages | ||||||
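Review bot: `game` comes straight from the `<string:game>` URL segment and is now handed to the template with no check that it names a real game, so any string without a slash ends up rendered into the page. The hunk header shows a `games_list` mapping defined just above; assuming its keys are the valid game names (not visible here, so confirm), unknown values can be rejected before rendering with `if game not in games_list: abort(404)`, with `abort` imported from flask. The `f` prefix on `f"player-settings.html"` has no placeholders and can be dropped.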
|   | |||||||
| @@ -1,8 +1,7 @@ | |||||||
| let gameName = null; | let gameName = null; | ||||||
|  |  | ||||||
| window.addEventListener('load', () => { | window.addEventListener('load', () => { | ||||||
|   const urlMatches = window.location.href.match(/^.*\/(.*)\/player-settings/); |   gameName = document.getElementById('player-settings').getAttribute('data-game'); | ||||||
|   gameName = decodeURIComponent(urlMatches[1]); |  | ||||||
|  |  | ||||||
|   // Update game name on page |   // Update game name on page | ||||||
|   document.getElementById('game-name').innerHTML = gameName; |   document.getElementById('game-name').innerHTML = gameName; | ||||||
| @@ -25,7 +24,7 @@ window.addEventListener('load', () => { | |||||||
|     nameInput.value = playerSettings.name; |     nameInput.value = playerSettings.name; | ||||||
|   }).catch((error) => { |   }).catch((error) => { | ||||||
|     const url = new URL(window.location.href); |     const url = new URL(window.location.href); | ||||||
|     window.location.replace(`${url.protocol}//${url.hostname}/page-not-found`); |     // window.location.replace(`${url.protocol}//${url.hostname}/page-not-found`); | ||||||
|   }) |   }) | ||||||
| }); | }); | ||||||
|  |  | ||||||
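Review bot: The sink is unchanged: `document.getElementById('game-name').innerHTML = gameName;` still parses the value as markup, and `getAttribute('data-game')` returns the attribute with its entities already decoded, so the template's escaping of `data-game="{{ game }}"` does not carry over to this assignment. Since `game` is still whatever the URL segment held, moving the source from `window.location.href` to a data attribute does not by itself remove the injection risk the commit title refers to. Assigning the value as text does: `document.getElementById('game-name').textContent = gameName;`. Separately, the second hunk comments out the redirect inside `.catch`, which leaves `url` unused and the failure silent; this looks like a debugging leftover. The `load` handler's body continues outside both hunks.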
|   | |||||||
| @@ -10,7 +10,7 @@ | |||||||
|  |  | ||||||
| {% block body %} | {% block body %} | ||||||
|     {% include 'header/grassHeader.html' %} |     {% include 'header/grassHeader.html' %} | ||||||
|     <div id="player-settings"> |     <div id="player-settings" data-game="{{ game }}"> | ||||||
|         <div id="user-message"></div> |         <div id="user-message"></div> | ||||||
|         <h1><span id="game-name">Player</span> Settings</h1> |         <h1><span id="game-name">Player</span> Settings</h1> | ||||||
|         <p>Choose the options you would like to play with! You may generate a single-player game from this page, |         <p>Choose the options you would like to play with! You may generate a single-player game from this page, | ||||||
|   | |||||||
	 Chris Wilson
					Chris Wilson