From 88946d331aad96ecbdf9d570853121e5a7eb07ab Mon Sep 17 00:00:00 2001
From: Anders Kaseorg <andersk@mit.edu>
Date: Fri, 20 Jan 2017 13:13:31 -0500
Subject: Replace all setTimeout strings with functions

This fixes a cross-site scripting vulnerability.

Signed-off-by: Anders Kaseorg <andersk@mit.edu>
---
 js/tt-rss.js | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

(limited to 'js/tt-rss.js')

diff --git a/js/tt-rss.js b/js/tt-rss.js
index 26982608e..20e0fc5a9 100644
--- a/js/tt-rss.js
+++ b/js/tt-rss.js
@@ -159,7 +159,7 @@ function viewCurrentFeed(method) {
 function timeout() {
 	if (getInitParam("bw_limit") != "1") {
 		request_counters();
-		setTimeout("timeout()", 60*1000);
+		setTimeout(timeout, 60*1000);
 	}
 }
 
@@ -654,7 +654,7 @@ function init_second_stage() {
 
 		if (getInitParam("simple_update")) {
 			console.log("scheduling simple feed updater...");
-			window.setTimeout("update_random_feed()", 30*1000);
+			window.setTimeout(update_random_feed, 30*1000);
 		}
 
 	} catch (e) {
@@ -1130,7 +1130,7 @@ function update_random_feed() {
 			parameters: "op=rpc&method=updateRandomFeed",
 			onComplete: function(transport) {
 				handle_rpc_json(transport, true);
-				window.setTimeout("update_random_feed()", 30*1000);
+				window.setTimeout(update_random_feed, 30*1000);
 			} });
 
 	} catch (e) {
-- 
cgit v1.2.3