diff options
Diffstat (limited to 'quotes')
| -rw-r--r-- | quotes/index.js | 2 | ||||
| -rw-r--r-- | quotes/public/script.js | 4 |
2 files changed, 3 insertions, 3 deletions
diff --git a/quotes/index.js b/quotes/index.js index 5aa0646..0e0717b 100644 --- a/quotes/index.js +++ b/quotes/index.js @@ -11,7 +11,7 @@ app.post("/api/add", checkUser, async (req, res) => { await db.query("INSERT INTO quotes (user_id, author_id, quote) VALUE (?,?,?)", [ req.session.uid, parseInt(req.body.author), - req.body.quote, + req.body.quote.replace(/</g, "<").replace(/>/g, ">"), ]); res.redirect("/quotes"); } catch (e) { diff --git a/quotes/public/script.js b/quotes/public/script.js index f8486f9..d848814 100644 --- a/quotes/public/script.js +++ b/quotes/public/script.js @@ -11,7 +11,7 @@ function appendOption(response) { (response[i - 1 < 0 ? 0 : i - 1]["class_id"] !== elem["class_id"] ? `<option disabled>--${classes[elem["class_id"] - 1]}--</option>` : "") + - `<option value="${elem["id"]}">${elem["name"]} ${elem["middlename"] ? elem["middlename"] : " "}${ + `<option value="${elem["id"]}">${elem["name"]} ${elem["middlename"] ? elem["middlename"] + " " : ""}${ elem["surname"] }</option>`, ); @@ -24,7 +24,7 @@ function appendQuote(response) { .getElementById(elem["class"]) .insertAdjacentHTML( "beforeend", - `<li>${elem["name"]} ${elem["middlename"] ? elem["middlename"] : ""}${elem["surname"]}: ${ + `<li>${elem["name"]} ${elem["middlename"] ? elem["middlename"] + " " : ""}${elem["surname"]}: ${ elem["quote"] }${elem["owner"] ? ' <span data-id="' + elem["id"] + '">[x]</span></li>' : ""}`, ); |