CLDR-17248 Measure vote timing; log times to console; refactor to use…

… fetch -Make cldrVote.CLDR_VOTE_DEBUG true; log times to console -Refactor to use modern cldrAjax.doFetch instead of legacy cldrAjax.sendXhr -Reduce very long functions and nested subroutines -Sanitize error message with new method makeSafe to avoid security warning -Comments
unicode-org · Nov 22, 2023 · ba36c91 · ba36c91
1 parent 159f90a
commit ba36c91
Showing 1 changed file with 14 additions and 1 deletion.
diff --git a/tools/cldr-apps/js/src/esm/cldrVote.mjs b/tools/cldr-apps/js/src/esm/cldrVote.mjs
@@ -214,14 +214,27 @@ function handleVoteErr(tr, message, button) {
     "<td colspan='4'>" +
     cldrStatus.stopIcon() +
     " Could not check value. Try reloading the page.<br>" +
-    message +
+    makeSafe(message) +
     "</td>";
   cldrRetry.handleDisconnect("Error submitting a vote");
   button.className = "ichoice-o";
   button.checked = false;
   cldrSurvey.hideLoader();
 }
 
+/**
+ * Avoid warning, "Directly writing error messages to a webpage without sanitization allows for a cross-site
+ * scripting vulnerability if parts of the error message can be influenced by a user."
+ *
+ * @param {String} s the raw string
+ * @returns the sanitized string
+ */
+function makeSafe(s) {
+  const div = document.createElement("div");
+  div.innerHTML = s;
+  return div.textContent;
+}
+
 function logVote(rowHash, vHash, value) {
   console.log(
     "Vote for " +