Merge pull request #10913 from nextcloud/do-not-parse-html-in-user-id-and-display-name

Do not parse HTML in user id and display name
This commit is contained in:
Morris Jobke 2018-08-30 20:52:20 +02:00 committed by GitHub
commit ab9672a32f
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 20 additions and 16 deletions

View File

@ -195,22 +195,26 @@
}, },
sorter: function (q, items) { return items; } sorter: function (q, items) { return items; }
}, },
displayTpl: '<li>' displayTpl: function (item) {
+ '<span class="avatar-name-wrapper">' return '<li>'
+ '<div class="avatar" ' + '<span class="avatar-name-wrapper">'
+ 'data-username="${id}"' // for avatars + '<div class="avatar" '
+ ' data-user="${id}"' // for contactsmenu + ' data-username="' + escapeHTML(item.id) + '"' // for avatars
+ ' data-user-display-name="${label}"></div>' + ' data-user="' + escapeHTML(item.id) + '"' // for contactsmenu
+ ' <strong>${label}</strong>' + ' data-user-display-name="' + escapeHTML(item.label) + '"></div>'
+ '</span></li>', + ' <strong>' + escapeHTML(item.label) + '</strong>'
insertTpl: '' + '</span></li>';
+ '<span class="avatar-name-wrapper">' },
+ '<div class="avatar" ' insertTpl: function (item) {
+ 'data-username="${id}"' // for avatars return ''
+ ' data-user="${id}"' // for contactsmenu + '<span class="avatar-name-wrapper">'
+ ' data-user-display-name="${label}"></div>' + '<div class="avatar" '
+ ' <strong>${label}</strong>' + ' data-username="' + escapeHTML(item.id) + '"' // for avatars
+ '</span>', + ' data-user="' + escapeHTML(item.id) + '"' // for contactsmenu
+ ' data-user-display-name="' + escapeHTML(item.label) + '"></div>'
+ ' <strong>' + escapeHTML(item.label) + '</strong>'
+ '</span>';
},
searchKey: "label" searchKey: "label"
}); });
$target.on('inserted.atwho', function (je, $el) { $target.on('inserted.atwho', function (je, $el) {