mirror of
				https://github.com/MarioSpore/Grinch-AP.git
				synced 2025-10-21 20:21:32 -06:00 
			
		
		
		
	Template gameName into player-settings as a data attribute to avoid potential security risks.
This commit is contained in:
		| @@ -106,7 +106,7 @@ games_list = { | ||||
| # Player settings pages | ||||
| @app.route('/games/<string:game>/player-settings') | ||||
| def player_settings(game): | ||||
|     return render_template(f"player-settings.html") | ||||
|     return render_template(f"player-settings.html", game=game) | ||||
|  | ||||
|  | ||||
| # Game sub-pages | ||||
|   | ||||
| @@ -1,8 +1,7 @@ | ||||
| let gameName = null; | ||||
|  | ||||
| window.addEventListener('load', () => { | ||||
|   const urlMatches = window.location.href.match(/^.*\/(.*)\/player-settings/); | ||||
|   gameName = decodeURIComponent(urlMatches[1]); | ||||
|   gameName = document.getElementById('player-settings').getAttribute('data-game'); | ||||
|  | ||||
|   // Update game name on page | ||||
|   document.getElementById('game-name').innerHTML = gameName; | ||||
| @@ -25,7 +24,7 @@ window.addEventListener('load', () => { | ||||
|     nameInput.value = playerSettings.name; | ||||
|   }).catch((error) => { | ||||
|     const url = new URL(window.location.href); | ||||
|     window.location.replace(`${url.protocol}//${url.hostname}/page-not-found`); | ||||
|     // window.location.replace(`${url.protocol}//${url.hostname}/page-not-found`); | ||||
|   }) | ||||
| }); | ||||
|  | ||||
|   | ||||
| @@ -10,7 +10,7 @@ | ||||
|  | ||||
| {% block body %} | ||||
|     {% include 'header/grassHeader.html' %} | ||||
|     <div id="player-settings"> | ||||
|     <div id="player-settings" data-game="{{ game }}"> | ||||
|         <div id="user-message"></div> | ||||
|         <h1><span id="game-name">Player</span> Settings</h1> | ||||
|         <p>Choose the options you would like to play with! You may generate a single-player game from this page, | ||||
|   | ||||
		Reference in New Issue
	
	Block a user
	 Chris Wilson
					Chris Wilson