修复xss的问题，使用a标签代替js跳转

2024-09-21 00:13:18 +00:00 · 2016-04-13 11:27:46 +08:00 · 2016-04-13 11:27:46 +08:00 · 20b51b70c3
commit 20b51b70c3
parent 17131e8085
2 changed files with 10 additions and 4 deletions
--- a/static/src/css/oj.css
+++ b/static/src/css/oj.css
@ -127,4 +127,11 @@ li.problem-tag {

 #tfa-area{
    display: none;
+}
+
+
+li.list-group-item>a{
+    display: inline;
+    padding: 0;
+    margin: 0;
 }
--- a/template/src/oj/problem/problem_list.html
+++ b/template/src/oj/problem/problem_list.html
@ -77,10 +77,9 @@
                    </div>
                    <ul class="list-group">
                        {% for item in tags %}
-                            <li class="list-group-item problem-tag"
-                                onclick="location.href='/problems/?tag={{ item.name }}'">
-                                <span class="badge">{{ item.problem_number }}</span>
-                                {{ item.name }}
+                            <li class="list-group-item problem-tag">
+                            <a href="/problems/?tag={{ item.name }}">{{ item.name }}</a>
+                            <span class="badge">{{ item.problem_number }}</span>
                            </li>
                        {% endfor %}
                    </ul>