Merge pull request #58 from DanielGrams/issue/57-code-scanning

Fix code scanning alerts #57
Daniel Grams 2021-01-18 09:54:02 +01:00 committed by GitHub
commit 5bad231cec
7 changed files with 30 additions and 20 deletions


@ -1262,13 +1262,19 @@
}
function getField(field) {
// See if it is a field already
var realField = $(field);
if (!realField.length) {
var realField = null;
if (field instanceof Element) {
// See if it is a field already
realField = $(field);
}
if (realField == null || !realField.length) {
// Otherwise, we assume it's an id:
realField = $('#' + field);
}
if (!realField.length) {
if (realField == null || !realField.length) {
// Still not? Then it's a name.
realField = $("input[name='" + field + "']");
}
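Review bot: The two fallback branches still splice `field` unescaped into a selector string (`'#' + field` and `"input[name='" + field + "']"`), so a value containing `]`, `'` or whitespace produces a Sizzle syntax error or matches a different element than intended; the new `instanceof Element` guard only removes the HTML-construction path. Use `document.getElementById(field)` for the id case and escape the attribute value, e.g. `realField = $("input[name='" + $.escapeSelector(field) + "']");` (jQuery 3+, or `CSS.escape`). Note also that the old `$(field)` accepted a jQuery-wrapped object while `field instanceof Element` does not, so a caller passing `$(el)` would now fall through to `'#[object Object]'` — presumably no caller does, but worth confirming. The body of getField continues past the end of this hunk.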


@ -218,7 +218,7 @@
{% if link %}
<div>
<i class="fa fa-fw fa-link" data-toggle="tooltip" title="{{ _('Link') }}"></i>
<a href="{{ link }}" target="_blank">{{ link }}</a>
<a href="{{ link }}" target="_blank" rel="noopener noreferrer">{{ link }}</a>
</div>
{% endif %}
{% endmacro %}
@ -411,7 +411,7 @@
</div>
<p>
<a href="http://www.google.com/maps?q={{ render_place(event.event_place) | quote_plus }}" class="btn btn-secondary" target="_blank">{{ _('Show directions') }}</a>
<a href="http://www.google.com/maps?q={{ render_place(event.event_place) | quote_plus }}" class="btn btn-secondary" target="_blank" rel="noopener noreferrer">{{ _('Show directions') }}</a>
</p>
{% endif %}
</div>
@ -578,7 +578,7 @@
<table role="presentation" border="0" cellpadding="0" cellspacing="0">
<tbody>
<tr>
<td> <a href="{{ url }}" target="_blank">{{ title }}</a> </td>
<td> <a href="{{ url }}" target="_blank" rel="noopener noreferrer">{{ title }}</a> </td>
</tr>
</tbody>
</table>
@ -875,7 +875,7 @@ if (URL) {
{{ form_field.hidden_tag() }}
{% if form_field.object_data and form_field.object_data.id %}
<div>
<a href="{{ url_for('image', id=form_field.object_data.id) }}" target="_blank"><img src="{{ url_for('image', id=form_field.object_data.id) }}" class="img-fluid" style="max-width:5rem;" /></a>
<a href="{{ url_for('image', id=form_field.object_data.id) }}" target="_blank" rel="noopener noreferrer"><img src="{{ url_for('image', id=form_field.object_data.id) }}" class="img-fluid" style="max-width:5rem;" /></a>
</div>
{{ render_field_with_errors(form_field.delete_flag, style="width: fit-content; flex: initial;") }}
{% endif %}
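Review bot: Adding `rel="noopener noreferrer"` on the `{{ link }}` anchor stops reverse tab-nabbing but does not restrict the URL scheme; if `link` is user-supplied (it appears to be an event's external link, which is not visible here), a `javascript:` or `data:` value still passes Jinja autoescaping untouched, so the scheme should be validated server-side to `http`/`https` before it is stored or rendered. Separately, the directions button uses plain `http://www.google.com/maps?q=...`, which triggers a mixed-content warning from an HTTPS page and sends the place text in the clear; change it to `https://www.google.com/maps?q={{ render_place(event.event_place) | quote_plus }}`.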


@ -9,7 +9,7 @@
<h2>API</h2>
<ul>
<li>Documentation: <a href="/swagger-ui" target="_blank">Swagger/OpenAPI</a></li>
<li>Documentation: <a href="/swagger-ui" target="_blank" rel="noopener noreferrer">Swagger/OpenAPI</a></li>
</ul>
<h2>Data download</h2>
@ -21,7 +21,7 @@
No files available
{% endif %}
</li>
<li>The data file format is part of the <a href="/swagger-ui" target="_blank">API spec</a>. Watch for the <code>*Dump</code> models.</li>
<li>The data file format is part of the <a href="/swagger-ui" target="_blank" rel="noopener noreferrer">API spec</a>. Watch for the <code>*Dump</code> models.</li>
</ul>


@ -7,7 +7,7 @@ oveda - Terminkalender für Goslar und Hahnenklee
<h1>Terminkalender für Goslar und Hahnenklee</h1>
<div class="my-4">
<a class="btn btn-secondary my-1" href="{{ url_for('event_suggestion_create_for_admin_unit', au_short_name='goslar') }}" role="button" target="_blank"><i class="fa fa-plus"></i> {{ _('Create event suggestion') }}</a>
<a class="btn btn-secondary my-1" href="{{ url_for('event_suggestion_create_for_admin_unit', au_short_name='goslar') }}" role="button" target="_blank" rel="noopener noreferrer"><i class="fa fa-plus"></i> {{ _('Create event suggestion') }}</a>
</div>
<div class="input-group mb-2 mr-sm-2">


@ -31,11 +31,11 @@
<h2>{{ _('Link, um Veranstaltungen vorzuschlagen') }}</h2>
<input class="form-control" value="{{ url_for('event_suggestion_create_for_admin_unit', au_short_name=admin_unit.short_name, _external=True) }}" />
<p><a class="btn btn-outline-info my-2" href="{{ url_for('event_suggestion_create_for_admin_unit', au_short_name=admin_unit.short_name, _external=True) }}" target="_blank">Vorschau <i class="fa fa-external-link-alt"></i></a></p>
<p><a class="btn btn-outline-info my-2" href="{{ url_for('event_suggestion_create_for_admin_unit', au_short_name=admin_unit.short_name, _external=True) }}" target="_blank" rel="noopener noreferrer">Vorschau <i class="fa fa-external-link-alt"></i></a></p>
<h2>{{ _('URL für Infoscreen') }}</h2>
<input class="form-control" value="{{ url_for('widget_infoscreen', au_short_name=admin_unit.short_name, _external=True) }}" />
<p><a class="btn btn-outline-info my-2" href="{{ url_for('widget_infoscreen', au_short_name=admin_unit.short_name, _external=True) }}" target="_blank">Vorschau <i class="fa fa-external-link-alt"></i></a></p>
<p><a class="btn btn-outline-info my-2" href="{{ url_for('widget_infoscreen', au_short_name=admin_unit.short_name, _external=True) }}" target="_blank" rel="noopener noreferrer">Vorschau <i class="fa fa-external-link-alt"></i></a></p>
{% endblock %}


@ -63,7 +63,7 @@
<small class="text-muted mr-2"><i class="fa fa-database"></i> {{ date.event.admin_unit.name }}</small>
{% endif %}
<small class="text-muted"><i class="fa fa-map-marker"></i> {{ date.event.event_place.name }}</small>
<a href="{{ url_for('widget_event_date', au_short_name=admin_unit.short_name, id=date.id) }}" target="_blank" class="stretched-link"></a>
<a href="{{ url_for('widget_event_date', au_short_name=admin_unit.short_name, id=date.id) }}" target="_blank" rel="noopener noreferrer" class="stretched-link"></a>
</div>
<div class="col-sm-4 text-right">
{% if date.event.photo_id %}
@ -95,7 +95,7 @@
<small class="text-muted mr-2"><i class="fa fa-database"></i> {{ date.event.admin_unit.name }}</small>
{% endif %}
<small class="text-muted"><i class="fa fa-map-marker"></i> {{ date.event.event_place.name }}</small>
<a href="{{ url_for('widget_event_date', au_short_name=admin_unit.short_name, id=date.id) }}" target="_blank" class="stretched-link"></a>
<a href="{{ url_for('widget_event_date', au_short_name=admin_unit.short_name, id=date.id) }}" target="_blank" rel="noopener noreferrer" class="stretched-link"></a>
</div>
</div>
</div>


@ -15,12 +15,16 @@
{{ render_cropper_header() }}
<script>
function stripHTML(dirty) {
return $("<div/>").html(dirty).text();
}
function update_preview(form) {
var name = form.find('input[name=name]').val();
var place = form.find('select[name=event_place_id] > option:selected').text();
var organizer = form.find('select[name=organizer_id] > option:selected').text();
var external_link = form.find('input[name=external_link]').val();
var description = form.find('textarea[name=description]').val();
var name = stripHTML(form.find('input[name=name]').val());
var place = stripHTML(form.find('select[name=event_place_id] > option:selected').text());
var organizer = stripHTML(form.find('select[name=organizer_id] > option:selected').text());
var external_link = stripHTML(form.find('input[name=external_link]').val());
var description = stripHTML(form.find('textarea[name=description]').val());
var image_data_url = $('#photo_preview').attr("src");
var start = '';
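Review bot: `stripHTML` itself parses the untrusted value as live HTML via `$("<div/>").html(dirty)`; even on a detached element the browser creates the nodes, so `<img src=x onerror=...>` in a form field fires its handler before `.text()` ever runs, which is the same sink class the scanner flagged. Parse inertly instead: `return new DOMParser().parseFromString(dirty, 'text/html').body.textContent;` — DOMParser neither loads resources nor runs scripts. Better still, if the preview later inserts these values with `.html()` (that code is below this hunk), set them with `.text()` and drop the stripping altogether, since stripping changes what the user typed. Note that `.html(undefined)` acts as a getter and makes the original throw when an input is missing; `String(dirty ?? '')` avoids that in either version. `update_preview` continues past the end of this hunk.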