Replace insecure use of innerHTML, changed update URL

2 years ago · 7c5229d315
parent 423a4669e3
commit 7c5229d315
3 changed files with 11 additions and 11 deletions
--- a/base/i18n.js
+++ b/base/i18n.js
@ -1,8 +1,4 @@
 let translatableSpans = document.querySelectorAll('.i18n-target');
 for (let t of translatableSpans) {
-    t.innerHTML = getMessage(t.attributes['data-id'].value);
-}
-
-function getMessage(id){
-    return chrome.i18n.getMessage(id);
+    t.innerText = chrome.i18n.getMessage(t.attributes['data-id'].value);
 }
--- a/base/settings/settings.js
+++ b/base/settings/settings.js
@ -32,7 +32,7 @@ function validateAndSave() {
        console.log('Failed to save settings - form validation was not successful.')
        saveButton.classList.replace('btn-primary', 'btn-danger');
        saveButton.classList.replace('btn-success', 'btn-danger');
-        saveButton.textContent = getMessage('settingsSaveButtonCaptionFailure');
+        saveButton.textContent = chrome.i18n.getMessage('settingsSaveButtonCaptionFailure');
    }
 }

@ -46,7 +46,7 @@ function save() {
            // Update form controls to let user know options were saved.
            saveButton.classList.replace('btn-primary', 'btn-success');
            saveButton.classList.replace('btn-danger', 'btn-success');
-            saveButton.textContent = getMessage('settingsSaveButtonCaptionSuccess');
+            saveButton.textContent = chrome.i18n.getMessage('settingsSaveButtonCaptionSuccess');
        });
    } else {
        console.error('Unsupported browser or no access to localStorage')
@ -58,8 +58,8 @@ function save() {
 function load(){
    if (chrome && chrome.storage && chrome.storage.local) {
        chrome.storage.local.get({
-            baseURL: getMessage("settingsFormInputRequired"),
-            wssURL: getMessage("settingsFormInputRequired")
+            baseURL: chrome.i18n.getMessage("settingsFormInputRequired"),
+            wssURL: chrome.i18n.getMessage("settingsFormInputRequired")
        }, function (items) {
            stammTVBaseUrl.value = items.baseURL;
            stammTVWSSUrl.value = items.wssURL;
@ -70,7 +70,6 @@ function load(){
 }

 function autofillWSSURL() {
-    console.log('here am i');
    if (stammTVBaseUrl.value.startsWith('http')) {
        let predictedWSSURL = stammTVBaseUrl.value.replace('https', 'wss').replace('http', 'wss');
        if (predictedWSSURL.endsWith('/')) {
--- a/firefox/manifest.json
+++ b/firefox/manifest.json
@ -1,11 +1,16 @@
 {
  "manifest_version": 2,
  "name": "StammTV Helper",
-  "version": "1.5",
+  "version": "2.0.1",
  "browser_action": {
    "default_title": "StammTV Context-Menu",
    "default_popup": "popup/popup.html"
  },
+  "browser_specific_settings": {
+    "gecko": {
+      "update_url": "https://stammtv.m-it.biz/firefox/updates.json"
+    }
+  },
  "default_locale": "en",
  "description": "Adds a context-menu option to send URLs to your instance of StammTV",
  "icons": {