From b712a9d175207c363557ef3b3c0d86233da08dd8 Mon Sep 17 00:00:00 2001 From: Danny Coates Date: Tue, 18 Jul 2017 11:53:43 -0700 Subject: [PATCH] escape filename in the ui --- frontend/src/download.js | 2 -- frontend/src/upload.js | 8 ++++---- views/download.handlebars | 6 +++--- 3 files changed, 7 insertions(+), 9 deletions(-) diff --git a/frontend/src/download.js b/frontend/src/download.js index b19d9078..4f1d40b5 100644 --- a/frontend/src/download.js +++ b/frontend/src/download.js @@ -21,7 +21,6 @@ $(document).ready(function() { $('#download-btn').click(download); function download() { const fileReceiver = new FileReceiver(); - const name = document.createElement('p'); fileReceiver.on('progress', progress => { $('#download-page-one').hide(); @@ -82,7 +81,6 @@ $(document).ready(function() { return; }) .then(([decrypted, fname]) => { - name.innerText = fname; const dataView = new DataView(decrypted); const blob = new Blob([dataView]); const downloadUrl = URL.createObjectURL(blob); diff --git a/frontend/src/upload.js b/frontend/src/upload.js index 509dd98c..aaae9582 100644 --- a/frontend/src/upload.js +++ b/frontend/src/upload.js @@ -104,19 +104,19 @@ $(document).ready(function() { $('.percent-number').html(`${Math.floor(percent * 100)}`); }); if (progress[1] < 1000000) { - $('.progress-text').html( + $('.progress-text').text( `${file.name} (${(progress[0] / 1000).toFixed( 1 )}KB of ${(progress[1] / 1000).toFixed(1)}KB)` ); } else if (progress[1] < 1000000000) { - $('.progress-text').html( + $('.progress-text').text( `${file.name} (${(progress[0] / 1000000).toFixed( 1 )}MB of ${(progress[1] / 1000000).toFixed(1)}MB)` ); } else { - $('.progress-text').html( + $('.progress-text').text( `${file.name} (${(progress[0] / 1000000).toFixed( 1 )}MB of ${(progress[1] / 1000000000).toFixed(1)}GB)` @@ -225,7 +225,7 @@ $(document).ready(function() { const url = file.url.trim() + `#${file.secretKey}`.trim(); $('#link').attr('value', url); - $('#copy-text').html( + $('#copy-text').text( 'Copy and share the link to send your file: ' + file.name ); $popupText.attr('tabindex', '-1'); diff --git a/views/download.handlebars b/views/download.handlebars index e1d53c63..4eca5e3c 100644 --- a/views/download.handlebars +++ b/views/download.handlebars @@ -8,7 +8,7 @@ {{#if filename}}
- Download {{{filename}}} ({{{filesize}}}) + Download {{filename}} ({{filesize}})
Your friend is sending you a file with Firefox Send, a service that allows you to share files with a safe, private, and encrypted link that automatically expires to ensure your stuff does not remain online forever. @@ -21,7 +21,7 @@
- Downloading {{{filename}}} ({{{filesize}}}) + Downloading {{filename}} ({{filesize}})
Please leave this tab open while we fetch your file and decrypt it. @@ -34,7 +34,7 @@
-
{{{filename}}}
+
{{filename}}