Fix setDur implicit event, title XSS, hardcoded pulse URL, suppress error toast

- suppressions.html: setDur() now takes explicit element param instead of relying
  on implicit global event.target (which fails outside direct click handlers)
- suppressions.html: removeSuppression() now shows error toast on failed DELETE
- templates/index.html: escape description in title attribute with |e filter
  to prevent attribute breakout on quotes in description text
- diagnose.py: derive Pulse execution URL from pulse_client.url instead of
  hardcoding http://pulse.lotusguild.org

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-03-13 14:36:55 -04:00
parent f8395dcd24
commit af26407363
3 changed files with 7 additions and 4 deletions


@@ -180,10 +180,10 @@
document.getElementById('s-name').required = (t!=='all');
}
function setDur(mins) {
function setDur(mins, el) {
document.getElementById('s-expires').value = mins || '';
document.querySelectorAll('.duration-pills .pill').forEach(p => p.classList.remove('active'));
event.target.classList.add('active');
if (el) el.classList.add('active');
const hint = document.getElementById('s-dur-hint');
if (mins) {
const h = Math.floor(mins/60), m = mins%60;
@@ -224,6 +224,8 @@
if (data.success) {
document.getElementById(`sup-row-${id}`)?.remove();
showToast('Suppression removed', 'success');
} else {
showToast(data.error || 'Failed to remove suppression', 'error');
}
}
</script>
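Review bot: In the new `else` branch of the second hunk, `data.error` is taken from the DELETE response and passed to `showToast`, whose implementation is not visible here. This commit already closes a markup-injection hole in a title attribute, so confirm that `showToast` writes its message with `textContent` rather than `innerHTML`, and record that with a comment such as `// data.error is server-supplied; showToast must render it as text`. The branch also only covers a body that parsed as JSON with `success` false. A rejected `fetch` or a non-JSON error page would presumably still fail silently, unless the part of the function above the hunk already wraps the call in `try`/`catch`. In the first hunk, `if (el) el.classList.add('active');` leaves no pill highlighted when a caller omits the argument, so the inline handlers, which are outside the hunk, need to pass `this`.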