diff options
| author | Anders Kaseorg <[email protected]> | 2017-01-20 13:13:31 -0500 |
|---|---|---|
| committer | Anders Kaseorg <[email protected]> | 2017-01-21 16:52:27 -0500 |
| commit | 88946d331aad96ecbdf9d570853121e5a7eb07ab (patch) | |
| tree | 7e9f21a5e61e030352a81711776731d514707bd1 /js/prefs.js | |
| parent | 0047f2578f126cb6de2eed928e86ed7340c3854d (diff) | |
Replace all setTimeout strings with functions
This fixes a cross-site scripting vulnerability.
Signed-off-by: Anders Kaseorg <[email protected]>
Diffstat (limited to 'js/prefs.js')
| -rwxr-xr-x | js/prefs.js | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/js/prefs.js b/js/prefs.js index 69e779d45..23d43f366 100755 --- a/js/prefs.js +++ b/js/prefs.js @@ -901,10 +901,10 @@ function init_second_stage() { if (method == 'editFeed') { var param = getURLParam('methodparam'); - window.setTimeout('editFeed(' + param + ')', 100); + window.setTimeout(function() { editFeed(param) }, 100); } - setTimeout("hotkey_prefix_timeout()", 5*1000); + setTimeout(hotkey_prefix_timeout, 5*1000); } catch (e) { exception_error("init_second_stage", e); |