Diffstat (limited to 'profile')
-rw-r--r-- | profile/index.js | 6 | ||||
-rw-r--r-- | profile/public/script.js | 5 | ||||
-rw-r--r-- | profile/public/user.js | 2 |
3 files changed, 6 insertions, 7 deletions
diff --git a/profile/index.js b/profile/index.js
index 41de0d5..cc0972a 100644
--- a/profile/index.js
+++ b/profile/index.js
@@ -47,11 +47,11 @@ app.put("/api/answer", async (req, res) => {
 async function answer(req, res, qs) {
 try {
- for (const qid of req.body) {
- if (!req.body.hasOwnProperty(qid)/* || !req.body[qid]*/) continue;
+ for (const qid in req.body) {
+ if (!req.body.hasOwnProperty(qid)) continue;
 const answer = req.body[qid];
 try {
- await db.query(qs, [answer, qid, req.session.uid]); // TODO: Frontend display sanitize
+ await db.query(qs, [answer, qid, req.session.uid]);
 } catch (e) {
 console.error(e);
 }
diff --git a/profile/public/script.js b/profile/public/script.js
index eb5ff14..91b723e 100644
--- a/profile/public/script.js
+++ b/profile/public/script.js
@@ -92,18 +92,17 @@ form.addEventListener("submit", async (evt) => {
 }
 const body = JSON.stringify(rawBody);
- const resp = await fetch("api/answer", { method, body });
+ const resp = await fetch("api/answer", { method, body, headers: { "Content-Type": "application/json" } });
 const res = await resp.json();
 if (!res.success) alert("AHHHH");
 else init = false;
- // else location.reload(); // BUT WHY?
 });
 saveBtn.addEventListener("click", (e) => {
 cropper.getCroppedCanvas()
 .toBlob(async (blob) => {
 const url = "api/answerImage";
- const method = imageInit ? "POST" : "PUT"; // Separate image init
+ const method = imageInit ? "POST" : "PUT";
 const body = new FormData();
 if (imageID === -1) {
 return;
diff --git a/profile/public/user.js b/profile/public/user.js
index 39d6713..9a55682 100644
--- a/profile/public/user.js
+++ b/profile/public/user.js
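Review bot: In profile/index.js, `req.body.hasOwnProperty(qid)` is called on the parsed request body, so a body that carries its own `hasOwnProperty` key shadows the method and the call throws for the whole request; `if (!Object.prototype.hasOwnProperty.call(req.body, qid)) continue;` avoids that. The loop also accepts any body shape and any number of keys and issues one awaited query per key, so a check that `req.body` is a plain object holding only expected question ids belongs before the loop. The commit drops the `// TODO: Frontend display sanitize` comment while the answers are still stored raw, so every page that renders them has to escape on output. The body of `answer` continues outside the hunk.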
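Review bot: In profile/public/script.js, `await resp.json()` runs without a check of `resp.ok`, so a non-JSON error response rejects inside the submit handler and the user sees no message; no catch is visible in the hunk. A guard such as `if (!resp.ok) { alert("AHHHH"); return; }` before parsing keeps the failure path in one place. If the server treats the JSON content type as a cross-site request check, the route also has to reject other content types; that code is not visible here. The submit handler starts outside the hunk.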
@@ -13,7 +13,7 @@ function addUser(userData) {
 if (!questions.hasOwnProperty(questionID)) continue;
 const question = questions[questionID];
 const div = document.createElement("div");
- div.innerHTML = `<b>${question.question}</b> <span>${question.answer || ""}</span>`;
+ div.innerHTML = `<b>${question.question.replace(/</g, "<").replace(/>/g, ">")}</b> <span>${question.answer.replace(/</g, "<").replace(/>/g, ">") || ""}</span>`;
 divs.push(div);
 }
 const h1 = document.createElement("h1"); |
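Review bot: As this page renders the added line in profile/public/user.js, both `.replace()` calls substitute `<` with `<` and `>` with `>`, which escapes nothing; the page may have decoded `&lt;` and `&gt;`, so confirm the committed text. Even with the entities in place, `question.answer.replace(...)` now runs before the `|| ""` fallback, so a missing answer throws where the old line rendered an empty span, and `&` is left unescaped. Building the `<b>` and `<span>` nodes and assigning `textContent` removes the hand-written escaping altogether, as in the fence below. The body of `addUser` starts and ends outside the hunk.

```javascript
const div = document.createElement("div");
const label = document.createElement("b");
label.textContent = question.question;
const value = document.createElement("span");
value.textContent = question.answer || "";
div.append(label, " ", value);
// … unchanged: divs.push(div) …
```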