diff options
| author | Peter Wu | 2014-07-20 23:23:17 +0200 |
|---|---|---|
| committer | Peter Wu | 2014-07-20 23:23:17 +0200 |
| commit | c7283e1cae6bbdc13464a77ae7f22bd9489fe089 (patch) | |
| tree | ffc767ddc0392b286d5cec0f053cf09796333077 /js | |
| parent | graph: don't overwrite config rrdtool_opts by rrdtool_opts from json plugin (diff) | |
| download | apt-panopticon_cgp-c7283e1cae6bbdc13464a77ae7f22bd9489fe089.zip apt-panopticon_cgp-c7283e1cae6bbdc13464a77ae7f22bd9489fe089.tar.gz apt-panopticon_cgp-c7283e1cae6bbdc13464a77ae7f22bd9489fe089.tar.bz2 apt-panopticon_cgp-c7283e1cae6bbdc13464a77ae7f22bd9489fe089.tar.xz | |
Defensive programming: more urlencode/htmlentities
Make build_url return an URL, not HTML. This separates presentation
from data.
plugin_header's return value is unused, remove the unnecessary return.
At places where `printf("<tag att='%s'>", $x);` is used, it is now
converted to `printf("<tag att=\"%s\">", htmlentities($x));` since
the single quote is not escaped by default by htmlentities.
In case the canvas style is used, JS should use `textContent` instead
of `innerHTML` to avoid reading `"` instead of `"`. Nobody (should)
use(s) IE6 anymore, so it is a safe change.
While at it, use the standard charset attribute of meta to specify
the character set (UTF-8).
Diffstat (limited to 'js')
| -rw-r--r-- | js/CGP.js | 2 |
1 files changed, 1 insertions, 1 deletions
| @@ -66,7 +66,7 @@ function prepare_draw(id) { | |||
| 66 | RrdGraph.prototype.mousex = 0; | 66 | RrdGraph.prototype.mousex = 0; |
| 67 | RrdGraph.prototype.mousedown = false; | 67 | RrdGraph.prototype.mousedown = false; |
| 68 | 68 | ||
| 69 | var cmdline = document.getElementById(id).innerHTML; | 69 | var cmdline = document.getElementById(id).textContent; |
| 70 | var gfx = new RrdGfxCanvas(id); | 70 | var gfx = new RrdGfxCanvas(id); |
| 71 | var fetch = new RrdDataFile(); | 71 | var fetch = new RrdDataFile(); |
| 72 | var rrdcmdline = null; | 72 | var rrdcmdline = null; |