diff options
author | Peter Wu | 2014-07-20 23:23:17 +0200 |
---|---|---|
committer | Peter Wu | 2014-07-20 23:23:17 +0200 |
commit | c7283e1cae6bbdc13464a77ae7f22bd9489fe089 (patch) | |
tree | ffc767ddc0392b286d5cec0f053cf09796333077 /js | |
parent | graph: don't overwrite config rrdtool_opts by rrdtool_opts from json plugin (diff) | |
download | apt-panopticon_cgp-c7283e1cae6bbdc13464a77ae7f22bd9489fe089.zip apt-panopticon_cgp-c7283e1cae6bbdc13464a77ae7f22bd9489fe089.tar.gz apt-panopticon_cgp-c7283e1cae6bbdc13464a77ae7f22bd9489fe089.tar.bz2 apt-panopticon_cgp-c7283e1cae6bbdc13464a77ae7f22bd9489fe089.tar.xz |
Defensive programming: more urlencode/htmlentities
Make build_url return an URL, not HTML. This separates presentation
from data.
plugin_header's return value is unused, remove the unnecessary return.
At places where `printf("<tag att='%s'>", $x);` is used, it is now
converted to `printf("<tag att=\"%s\">", htmlentities($x));` since
the single quote is not escaped by default by htmlentities.
In case the canvas style is used, JS should use `textContent` instead
of `innerHTML` to avoid reading `"` instead of `"`. Nobody (should)
use(s) IE6 anymore, so it is a safe change.
While at it, use the standard charset attribute of meta to specify
the character set (UTF-8).
Diffstat (limited to 'js')
-rw-r--r-- | js/CGP.js | 2 |
1 files changed, 1 insertions, 1 deletions
@@ -66,7 +66,7 @@ function prepare_draw(id) { | |||
66 | RrdGraph.prototype.mousex = 0; | 66 | RrdGraph.prototype.mousex = 0; |
67 | RrdGraph.prototype.mousedown = false; | 67 | RrdGraph.prototype.mousedown = false; |
68 | 68 | ||
69 | var cmdline = document.getElementById(id).innerHTML; | 69 | var cmdline = document.getElementById(id).textContent; |
70 | var gfx = new RrdGfxCanvas(id); | 70 | var gfx = new RrdGfxCanvas(id); |
71 | var fetch = new RrdDataFile(); | 71 | var fetch = new RrdDataFile(); |
72 | var rrdcmdline = null; | 72 | var rrdcmdline = null; |