From c78ef333da6f039210fee98ef8821f14ee9131b0 Mon Sep 17 00:00:00 2001
From: Calvin Montgomery
Date: Wed, 11 Jan 2023 17:57:02 -0800
Subject: [PATCH] Fix a couple issues discussed on IRC
---
 integration_test/channel/kickban.js | 19 +++++++++++++++++++
 package.json | 2 +-
 player/custom-embed.coffee | 15 +++++++++++++--
 src/channel/kickban.js | 12 ++++++++++--
 4 files changed, 43 insertions(+), 5 deletions(-)
diff --git a/integration_test/channel/kickban.js b/integration_test/channel/kickban.js
index f153bb93..d992bf61 100644
--- a/integration_test/channel/kickban.js
+++ b/integration_test/channel/kickban.js
@@ -110,6 +110,25 @@ describe('KickbanModule', () => {
 );
 });
 
+ it('rejects if the username is invalid', done => {
+ mockUser.socket.emit = (frame, obj) => {
+ if (frame === 'errorMsg') {
+ assert.strictEqual(
+ obj.msg,
+ 'Invalid username'
+ );
+
+ done();
+ }
+ };
+
+ kickban.handleCmdBan(
+ mockUser,
+ '/ban test_user<>%$# because reasons',
+ {}
+ );
+ });
+
 it('rejects if the user does not have ban permission', done => {
 mockUser.socket.emit = (frame, obj) => {
 if (frame === 'errorMsg') {
diff --git a/package.json b/package.json
index 0ba85f5c..3abee162 100644
--- a/package.json
+++ b/package.json
@@ -2,7 +2,7 @@
 "author": "Calvin Montgomery",
 "name": "CyTube",
 "description": "Online media synchronizer and chat",
- "version": "3.84.0",
+ "version": "3.85.0",
 "repository": {
 "url": "http://github.com/calzoneman/sync"
 },
diff --git a/player/custom-embed.coffee b/player/custom-embed.coffee
index f03fcf44..516b284f 100644
--- a/player/custom-embed.coffee
+++ b/player/custom-embed.coffee
@@ -15,8 +15,19 @@ window.CustomEmbedPlayer = class CustomEmbedPlayer extends EmbedPlayer
 return
 
 embedSrc = data.meta.embed.src
- link = "#{embedSrc}"
- alert = makeAlert('Untrusted Content', CUSTOM_EMBED_WARNING.replace('%link%', link),
+
+ link = document.createElement('a')
+ link.href = embedSrc
+ link.target = '_blank'
+ link.rel = 'noopener noreferer'
+
+ strong = document.createElement('strong')
+ strong.textContent = embedSrc
+ link.appendChild(strong)
+
+ # TODO: Ideally makeAlert() would allow optionally providing a DOM
+ # element instead of requiring HTML text
+ alert = makeAlert('Untrusted Content', CUSTOM_EMBED_WARNING.replace('%link%', link.outerHTML),
 'alert-warning')
 .removeClass('col-md-12')
 $('
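Review bot: `link.rel = 'noopener noreferer'` misspells the link type; the keyword is `noreferrer`, so as written only `noopener` takes effect and the Referer header is still sent to the untrusted embed host, and the line should read `link.rel = 'noopener noreferrer'`. Separately, `link.outerHTML` is passed as a string replacement, so `String.prototype.replace` still interprets `$&`- and `$'`-style patterns that occur in `embedSrc` and splices parts of CUSTOM_EMBED_WARNING into the already-serialized anchor; a function replacer avoids that: `CUSTOM_EMBED_WARNING.replace('%link%', -> link.outerHTML)`. `link.href = embedSrc` also accepts any URL scheme, so unless the embed source is restricted to https before it reaches this method (not visible here), a scheme check belongs before the assignment. The enclosing method starts and ends outside the hunk.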