Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Closes issue #420 #423

Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

Closes issue #420 #423

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
8 changes: 7 additions & 1 deletion js/everything.js
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -80,7 +80,7 @@
gtag("send", "event", "YouTube iframe API error", verboseMessage);

// Log debug info
console.log("Verbose debug error message: ", verboseMessage);

Check warning on line 83 in js/everything.js

View workflow job for this annotation

GitHub Actions / build (16.x) 

Unexpected console statement
}
}

Expand Down Expand Up @@ -262,7 +262,7 @@
var description = "";

if (isFileProtocol()) {
console.log("Skipping video description request as we're running the site locally.");

Check warning on line 265 in js/everything.js

View workflow job for this annotation

GitHub Actions / build (16.x) 

Unexpected console statement
$("#toggleDescription").hide();
}
else {
Expand Down Expand Up @@ -327,7 +327,7 @@
function logError(jqXHR, textStatus, errorThrown, _errorMessage) {
var responseText = JSON.parse(jqXHR.error().responseText);
errorMessage.show(responseText.error.errors[0].message);
console.log(_errorMessage, errorThrown);

Check warning on line 330 in js/everything.js

View workflow job for this annotation

GitHub Actions / build (16.x) 

Unexpected console statement
}

function toggleElement(event, toggleID, buttonText) {
Expand Down Expand Up @@ -441,7 +441,13 @@
* (2) it encounters a period (.) or whitespace, if the TLD was followed by a forwardslash (/) */
var re = /((?:http|https)\:\/\/[a-zA-Z0-9\-\.]+\.[a-zA-Z]{2,3}(?:\/\S*[^\.\s])?)/g; // eslint-disable-line no-useless-escape
/* Wraps all found URLs in <a> tags */
return text.replace(re, "<a href=\"$1\" target=\"_blank\">$1</a>");
// Use a function to replace matches
return text.replace(re, function(match) {
// Escape the match to prevent XSS
var url = encodeURIComponent(match);
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for the PR @ChandraShekharAgrawal!

We actually want encodeURI(match) here instead, otherwise we will get invalid URLs.

e.g.

If match is http://smarturl.it/outlines, then url becomes a non-valid URL http%3A%2F%2Fsmarturl.it%2Foutlines, which is then interpreted by the browser as http://localhost:8080/http%3A%2F%2Fsmarturl.it%2Foutlines when running locally.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

You can test this yourself locally after you run npm install and npm start...

  1. Go to http://localhost:8080/?v=03O2yKUgrKw (or other video with links in the description, this is one of our demo videos).
  2. Click Show Description
  3. Inspect any links in the browser

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@ChandraShekharAgrawal hi, any chance you can revisit this?

// Wrap the URL in an anchor tag
return "<a href=\"" + url + "\" target=\"_blank\">" + match + "</a>";
});
}

function anchorTimestamps(text, videoID) {
Expand Down
Loading