Merge branch 'settimeout-strings' into 'master'

Replace all setTimeout strings with functions This fixes a cross-site scripting vulnerability. See merge request !41
author: Andrew Dolgov <cthulhoo@gmail.com> 2017-01-22 09:47:20 +0300
committer: Andrew Dolgov <cthulhoo@gmail.com> 2017-01-22 09:47:20 +0300
commit: 7262c1726f1b900d2211d4cfb9054aefb93b991e (patch)
tree: 7e9f21a5e61e030352a81711776731d514707bd1 /js/prefs.js
parent: 0047f2578f126cb6de2eed928e86ed7340c3854d (diff)
parent: 88946d331aad96ecbdf9d570853121e5a7eb07ab (diff)
1 files changed, 2 insertions, 2 deletions
diff --git a/js/prefs.js b/js/prefs.js
index 69e779d45..23d43f366 100755
--- a/js/prefs.js
+++ b/js/prefs.js
@@ -901,10 +901,10 @@ function init_second_stage() {
 		if (method == 'editFeed') {
 			var param = getURLParam('methodparam');
 
-			window.setTimeout('editFeed(' + param + ')', 100);
+			window.setTimeout(function() { editFeed(param) }, 100);
 		}
 
-		setTimeout("hotkey_prefix_timeout()", 5*1000);
+		setTimeout(hotkey_prefix_timeout, 5*1000);
 
 	} catch (e) {
 		exception_error("init_second_stage", e);
author	Andrew Dolgov <cthulhoo@gmail.com>	2017-01-22 09:47:20 +0300
committer	Andrew Dolgov <cthulhoo@gmail.com>	2017-01-22 09:47:20 +0300
commit	7262c1726f1b900d2211d4cfb9054aefb93b991e (patch)
tree	7e9f21a5e61e030352a81711776731d514707bd1 /js/prefs.js
parent	0047f2578f126cb6de2eed928e86ed7340c3854d (diff)
parent	88946d331aad96ecbdf9d570853121e5a7eb07ab (diff)