Commit 88946d33 authored by Anders Kaseorg's avatar Anders Kaseorg

Replace all setTimeout strings with functions

This fixes a cross-site scripting vulnerability.
Signed-off-by: default avatarAnders Kaseorg <andersk@mit.edu>
parent 0047f257
......@@ -198,7 +198,7 @@ function feedlist_init() {
loading_set_progress(50);
document.onkeydown = hotkey_handler;
setTimeout("hotkey_prefix_timeout()", 5*1000);
setTimeout(hotkey_prefix_timeout, 5*1000);
if (!getActiveFeedId()) {
viewfeed({feed: -3});
......
......@@ -668,7 +668,7 @@ function hotkey_prefix_timeout() {
Element.hide('cmdline');
}
setTimeout("hotkey_prefix_timeout()", 1000);
setTimeout(hotkey_prefix_timeout, 1000);
} catch (e) {
exception_error("hotkey_prefix_timeout", e);
......@@ -1325,7 +1325,7 @@ function unsubscribeFeed(feed_id, title) {
updateFeedList();
} else {
if (feed_id == getActiveFeedId())
setTimeout("viewfeed({feed:-5})", 100);
setTimeout(function() { viewfeed({feed:-5}) }, 100);
if (feed_id < 0) updateFeedList();
}
......
......@@ -901,10 +901,10 @@ function init_second_stage() {
if (method == 'editFeed') {
var param = getURLParam('methodparam');
window.setTimeout('editFeed(' + param + ')', 100);
window.setTimeout(function() { editFeed(param) }, 100);
}
setTimeout("hotkey_prefix_timeout()", 5*1000);
setTimeout(hotkey_prefix_timeout, 5*1000);
} catch (e) {
exception_error("init_second_stage", e);
......
......@@ -159,7 +159,7 @@ function viewCurrentFeed(method) {
function timeout() {
if (getInitParam("bw_limit") != "1") {
request_counters();
setTimeout("timeout()", 60*1000);
setTimeout(timeout, 60*1000);
}
}
......@@ -654,7 +654,7 @@ function init_second_stage() {
if (getInitParam("simple_update")) {
console.log("scheduling simple feed updater...");
window.setTimeout("update_random_feed()", 30*1000);
window.setTimeout(update_random_feed, 30*1000);
}
} catch (e) {
......@@ -1130,7 +1130,7 @@ function update_random_feed() {
parameters: "op=rpc&method=updateRandomFeed",
onComplete: function(transport) {
handle_rpc_json(transport, true);
window.setTimeout("update_random_feed()", 30*1000);
window.setTimeout(update_random_feed, 30*1000);
} });
} catch (e) {
......
......@@ -2315,7 +2315,7 @@ function updateFloatingTitle(unread_only) {
function catchupCurrentBatchIfNeeded() {
if (catchup_id_batch.length > 0) {
window.clearTimeout(catchup_timeout_id);
catchup_timeout_id = window.setTimeout('catchupBatchedArticles()', 1000);
catchup_timeout_id = window.setTimeout(catchupBatchedArticles, 1000);
if (catchup_id_batch.length >= 10) {
catchupBatchedArticles();
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment