Remove `{{message}}` interpolation.

It's not used and confuses people. Instead the message gets inserted via `$.text`, to avoid injection attacks.

Remove `{{message}}` interpolation.
It's not used and confuses people. Instead the message gets inserted via `$.text`, to avoid injection attacks.
ec9ed965 · JC Brand · 1b264461 · ec9ed965 · ec9ed965 · ec9ed965
Commit ec9ed965 authored Nov 02, 2016 by JC Brand
Hide whitespace changes
Inline Side-by-side

Showing with 2 additions and 3 deletions

src/converse-chatview.js src/converse-chatview.js +0 -1

src/templates/action.html src/templates/action.html +1 -1

src/templates/message.html src/templates/message.html +1 -1

No files found.
--- a/src/converse-chatview.js
+++ b/src/converse-chatview.js
@@ -344,7 +344,6 @@
                                'time': msg_time.format('hh:mm'),
                                'isodate': msg_time.format(),
                                'username': username,
-                                'message': '',
                                'extra_classes': extra_classes
                            })
                        )).children('.chat-msg-content').first().text(text)

--- a/src/templates/action.html
+++ b/src/templates/action.html
 <div class="chat-message {{extra_classes}}" data-isodate="{{isodate}}">
    <span class="chat-msg-author chat-msg-{{sender}}">{{time}} **{{username}} </span>
-    <span class="chat-msg-content">{{message}}</span>
+    <span class="chat-msg-content"><!-- message gets added here via renderMessage --></span>
 </div>
--- a/src/templates/message.html
+++ b/src/templates/message.html
 <div class="chat-message {{extra_classes}}" data-isodate="{{isodate}}" data-msgid="{{msgid}}">
    <span class="chat-msg-author chat-msg-{{sender}}">{{time}} {{username}}:&nbsp;</span>
-    <span class="chat-msg-content">{{message}}</span>
+    <span class="chat-msg-content"><!-- message gets added here via renderMessage --></span>
 </div>