
Commit a6b488a

Mark JessopMark Jessop
authored andcommitted
Reduce xss profile for historical sonde markers
1 parent fa7df9c commit a6b488a


1 file changed

+36
-23
lines changed


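--- a/js/station.js
+++ b/js/station.js
@@ -174,7 +174,17 @@ function drawHistorical (data, station) {
 }
 }
 
-var popup = L.popup();
+var popup = new L.popup({ autoClose: false, closeOnClick: false }).setContent(serial);
+
+if (!recovered) {
+var marker = L.circleMarker([landing.lat, landing.lon], {fillColor: "white", color: iconColour, weight: 3, radius: 5, fillOpacity:1});
+} else {
+var marker = L.circleMarker([landing.lat, landing.lon], {fillColor: "grey", color: iconColour, weight: 3, radius: 5, fillOpacity:1});
+}
+
+marker.bindPopup(popup);
+
+div = document.createElement('div');
 
 html = "<div style='line-height:16px;position:relative;'>";
 html += "<div>"+serial+" <span style=''>("+time+")</span></div>";
@@ -194,23 +204,13 @@ function drawHistorical (data, station) {
 
 html += "<hr style='margin:0px;margin-top:5px'>";
 
-if (recovered) {
-_recovered_text = recovery_info.recovered ? "Recovered by " : "Not Recovered by ";
-
-// Override text is planned field exists and is true
-if(recovery_info.hasOwnProperty('planned')){
-if(recovery_info.planned == true){
-_recovered_text = "Recovery Planned by ";
-}
-}
-
-html += "<div><b>"+(_recovered_text)+recovery_info.recovered_by+"</u></b></div>";
-html += "<div><b>Recovery time:&nbsp;</b>"+formatDate(stringToDateUTC(recovery_info.datetime))+"</div>";
-html += "<div><b>Recovery location:&nbsp;</b>"+recovery_info.position[1]+", "+recovery_info.position[0] + "</div>";
-html += "<div><b>Recovery notes:&nbsp;</b>"+recovery_info.description+"</div>";
-
-html += "<hr style='margin:0px;margin-top:5px'>";
-}
+html += "<div class='recovery_section' style='line-height:16px;position:relative;'>";
+html += "<div><b class='recovery_text'></b></div>";
+html += "<div><b>Reported at:&nbsp;</b><span class='recovery_time'></span></div>";
+html += "<div><b>Reported by:&nbsp;</b><span class='recovery_by'></span></div>";
+html += "<div><b>Notes:&nbsp;</b><span class='recovery_desc'></span></div>";
+html += "<hr style='margin:0px;margin-top:5px'>";
+html += "</div>";
 
 html += "<div><b>Show Full Flight Path: <b><a href=\"javascript:showRecoveredMap('" + serial + "')\">" + serial + "</a></div>";
 
@@ -221,15 +221,28 @@ function drawHistorical (data, station) {
 html += "<div>Last received by: " + landing.uploader_callsign.toLowerCase() + "</div>";
 };
 
-popup.setContent(html);
+div.innerHTML = html;
 
-if (!recovered) {
-var marker = L.circleMarker([landing.lat, landing.lon], {fillColor: "white", color: iconColour, weight: 3, radius: 5, fillOpacity:1});
+
+if (recovered) {
+_recovered_text = recovery_info.recovered ? " Recovered" : "Not Recovered";
+
+// Override text is planned field exists and is true
+if(recovery_info.hasOwnProperty('planned')){
+if(recovery_info.planned == true){
+_recovered_text = " Recovery Planned";
+}
+}
+div.getElementsByClassName("recovery_text")[0].textContent = recovery_info.serial + _recovered_text;
+div.getElementsByClassName("recovery_time")[0].textContent = formatDate(stringToDateUTC(recovery_info.datetime));
+div.getElementsByClassName("recovery_by")[0].textContent = recovery_info.recovered_by;
+div.getElementsByClassName("recovery_desc")[0].textContent = recovery_info.description;
 } else {
-var marker = L.circleMarker([landing.lat, landing.lon], {fillColor: "grey", color: iconColour, weight: 3, radius: 5, fillOpacity:1});
+div.getElementsByClassName("recovery_section")[0].style.display = "none";
 }
 
-marker.bindPopup(popup);
+popup.setContent(div);
+
 
 marker.addTo(map);
 marker.bringToBack();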
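Review bot: `div.innerHTML = html;` (new line 224) still parses as markup every value concatenated into `html`, and the visible context lines put `serial`, `time` and `landing.uploader_callsign.toLowerCase()` into that string unescaped, so only the four recovery fields are covered by the move to `textContent`. If those values originate from uploaded telemetry (not shown on this page), give them the same placeholder treatment, e.g. `html += "<div>Last received by: <span class='uploader_callsign'></span></div>";` followed by `div.getElementsByClassName("uploader_callsign")[0].textContent = landing.uploader_callsign.toLowerCase();`. The `javascript:showRecoveredMap('" + serial + "')` href and the initial `.setContent(serial)` on new line 177 also treat `serial` as markup; a click listener on the anchor would cover the former, and the initial `setContent` could be dropped since it appears to be overwritten by `popup.setContent(div)`. Separately, `div` on new line 187 is assigned without `var`, making it an implicit global shared between calls. drawHistorical begins and ends outside the hunks shown, so the lines between hunks that also append to `html` should be checked the same way.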
