Fix security from upstream + console error messages

SillyLossy
2023-03-19 20:23:18 +02:00
parent 379207a3d8
commit 006ffec1f9
8 changed files with 34 additions and 20 deletions


@ -201,13 +201,13 @@ function addExtensionScript(name, manifest) {
function showExtensionsDetails() {
let html = '<h3>Modules provided by your Extensions API:</h3>';
html += modules.length ? modules.join(', ') : '<p class="failure">Not connected to the API!</p>';
html += modules.length ? DOMPurify.sanitize(modules.join(', ')) : '<p class="failure">Not connected to the API!</p>';
html += '<h3>Available extensions:</h3>';
Object.entries(manifests).sort((a, b) => a[1].loading_order - b[1].loading_order).forEach(extension => {
const name = extension[0];
const manifest = extension[1];
html += `<h4>${manifest.display_name}</h4>`;
html += `<h4>${DOMPurify.sanitize(manifest.display_name)}</h4>`;
if (activeExtensions.has(name)) {
html += `<p class="success">Extension is active. <a href="javascript:void" data-name="${name}" class="disable_extension">Disable</a></p>`;
}
@ -217,7 +217,7 @@ function showExtensionsDetails() {
else {
const requirements = new Set(manifest.requires);
modules.forEach(x => requirements.delete(x));
const requirementsString = [...requirements].join(', ');
const requirementsString = DOMPurify.sanitize([...requirements].join(', '));
html += `<p>Missing modules: <span class="failure">${requirementsString}</span></p>`
}
});
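Review bot: The extension key `name` is still interpolated raw into the attribute `data-name="${name}"` on the Disable link, while this change sanitizes only `display_name` and the two module lists. Where manifest keys come from is not visible here; if they share a source with `display_name`, a quote character in a key would terminate the attribute, so set it through the DOM instead, e.g. `$('<a class="disable_extension">').attr('data-name', name)`, or HTML-escape the value before interpolating. Separately, `DOMPurify.sanitize()` keeps permitted markup, so display names and module names are still rendered as HTML rather than text; escaping them would be stricter if no markup is intended. showExtensionsDetails continues past the end of the second hunk.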


@ -38,6 +38,11 @@ function saveSettings() {
async function moduleWorker() {
const context = getContext();
if (!context.groupId && !context.characterId) {
return;
}
loadSettings();
// take the count of messages
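Review bot: The new guard `if (!context.groupId && !context.characterId)` tests truthiness, so an id with the value `0` would be read as "nothing selected" and the worker would return early. Whether ids can be numeric zero is not visible in this hunk; if they can, test for the actual empty state, e.g. `if (context.groupId == null && context.characterId == null) return;`. A one-line comment such as `// nothing to do until a character or group chat is open` would also record why the worker bails out. moduleWorker's body continues outside the hunk.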


@ -178,7 +178,7 @@ function printGroups() {
for (let group of groups) {
const template = $("#group_list_template .group_select").clone();
template.data("id", group.id);
template.find(".ch_name").html(group.name);
template.find(".ch_name").text(group.name);
$("#rm_print_characters_block").prepend(template);
updateGroupAvatar(group);
}
@ -437,6 +437,9 @@ async function deleteGroup(id) {
$("#rm_info_block").transition({ opacity: 0, duration: 0 });
select_rm_info("Group deleted!");
$("#rm_info_block").transition({ opacity: 1.0, duration: 2000 });
$("#rm_button_selected_ch").children("h2").text('');
setRightTabSelectedClass();
}
}
@ -535,7 +538,7 @@ function select_group_chats(chat_id) {
const template = $("#group_member_template .group_member").clone();
template.data("id", character.name);
template.find(".avatar img").attr("src", avatar);
template.find(".ch_name").html(character.name);
template.find(".ch_name").text(character.name);
template.click(memberClickHandler);
if (
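Review bot: Nothing at the two `.text()` call sites records why `.html()` must not come back, so a later refactor could silently reintroduce the markup injection this change removes. A short comment above `template.find(".ch_name").text(group.name)` and the matching `character.name` line would pin the intent, for example `// names are presumably user-supplied: render as text, never as HTML`. Other places in this file that write `group.name` or `character.name` into the DOM are outside these hunks and worth checking for the same pattern. The enclosing functions (printGroups, deleteGroup, select_group_chats) start and end outside the hunks.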

3
public/scripts/purify.min.js vendored Normal file

File diff suppressed because one or more lines are too long