~jpgleeson/caint

5b6dee8751d3f25efe7eb9d8b025d21fc627a6d1 — Jack Gleeson 1 year, 2 months ago 32f973e
Remove SanitizeHTML function

Escaping is done on server. No need for this on clientside and actually messes a bit with allowing html etc.
1 files changed, 2 insertions(+), 4 deletions(-)

M wwwroot/js/caint.js
M wwwroot/js/caint.js => wwwroot/js/caint.js +2 -4
@@ 101,8 101,6 @@ function approveItem(id) {
      .catch(error => console.error('Unable to approve comments.', error));
}

var sanitizeHTML = function (str) { return str.replace(/[^\w. ]/gi, function (c) { return '&#' + c.charCodeAt(0) + ';'; }); };

function closeInput() {
  document.getElementById('editForm').style.display = 'none';
}


@@ 134,8 132,8 @@ function _displayThread(data) {
    commentName.setAttribute('class', 'commenterName');
    commentBody.setAttribute('class', 'commentBody');

    commentName.innerHTML = sanitizeHTML(item.name);
    commentBody.innerHTML = sanitizeHTML(item.body);
    commentName.innerHTML = item.name;
    commentBody.innerHTML = item.body;

    commentDiv.appendChild(commentName);
    commentDiv.appendChild(commentBody);