From 2765c53da6b6ff099555283f75b10a09ed17a108 Mon Sep 17 00:00:00 2001
From: Nils Beyer <nilsb@fsmpi.rwth-aachen.de>
Date: Tue, 12 Oct 2021 18:45:34 +0200
Subject: [PATCH] Fix: password escaping in permissioneditor

---
 static/moderator.js | 13 ++++++++++---
 1 file changed, 10 insertions(+), 3 deletions(-)

diff --git a/static/moderator.js b/static/moderator.js
index 524cc1d..a76e28a 100644
--- a/static/moderator.js
+++ b/static/moderator.js
@@ -168,7 +168,7 @@ var moderator = {
 				var type = $(srcel).data('type');
 				$('#editpermdiv').data('id',id);
 				$('#editpermdiv').data('type',type);
-				var html = ''
+				var permElems = []
 				for (i in moderator.permissioneditor.permissions) {
 					if ((moderator.permissioneditor.permissions[i][type+'_id'] == id)) {
 						var perm = {};
@@ -201,10 +201,17 @@ var moderator = {
 								permstring = '(' + perm.param1 + ')'
 								break;
 						}
-						html += '<option data-id="'+perm.id+'" data-type="'+perm.type+'" data-param1="'+perm.param1+'" data-param2="'+perm.param2+'">#'+perm.id+' '+perm.type+' '+ permstring +'</option>';
+						var optionEl = document.createElement('option');
+						optionEl.dataset.id = perm.id;
+						optionEl.dataset.type = perm.type;
+						optionEl.dataset.param1 = perm.param1;
+						optionEl.dataset.param2 = perm.param2;
+
+						optionEl.text = '#' + perm.id + ' ' + perm.type + ' ' + permstring;
+						permElems.push(optionEl)
 					}
 				}
-				$('#permissionlist').html(html);
+				document.querySelector('#permissionlist').replaceChildren(...permElems);
 			});
 
 		},
-- 
GitLab