Merge pull request #775 from XMOJ-Script-dev/dev

boomzero · web-flow · commit c19f16e2a225 · 2025-02-09T11:36:01.000+08:00
sync: dev to extern-contrib
diff --git a/Update.json b/Update.json
@@ -2718,6 +2718,17 @@
                 }
             ],
             "Notes": "If you are curious why the version number is v1.3.0, it's because we changed our versioning strategy! Click <a href=\"https://github.com/orgs/XMOJ-Script-dev/discussions/771\"> here </a> for more details."
+        },
+        "1.3.1": {
+            "UpdateDate": 1739060055956,
+            "Prerelease": true,
+            "UpdateContents": [
+                {
+                    "PR": 774,
+                    "Description": "Fix code scanning alert - DOM text reinterpreted as HTML"
+                }
+            ],
+            "Notes": "No release notes were provided for this release."
         }
     }
 }
diff --git a/XMOJ.user.js b/XMOJ.user.js
@@ -1,6 +1,6 @@
 // ==UserScript==
 // @name         XMOJ
-// @version      1.3.0
+// @version      1.3.1
 // @description  XMOJ增强脚本
 // @author       @XMOJ-Script-dev, @langningchen and the community
 // @namespace    https://github/langningchen
@@ -41,6 +41,19 @@
 const CaptchaSiteKey = "0x4AAAAAAALBT58IhyDViNmv";
 const AdminUserList = ["zhuchenrui2", "shanwenxiao", "admin"];
 
+let escapeHTML = (str) => {
+    return str.replace(/[&<>"']/g, function (match) {
+        const escape = {
+            '&': '&amp;',
+            '<': '&lt;',
+            '>': '&gt;',
+            '"': '&quot;',
+            "'": '&#39;'
+        };
+        return escape[match];
+    });
+};
+
 let PurifyHTML = (Input) => {
     try {
         return DOMPurify.sanitize(Input, {
@@ -3979,7 +3992,7 @@ int main()
                     Temp = document.querySelector("#problemstatus > tbody").children;
                     for (let i = 0; i < Temp.length; i++) {
                         if (Temp[i].children[5].children[0] != null) {
-                            Temp[i].children[1].innerHTML = `<a href="${Temp[i].children[5].children[0].href}">${Temp[i].children[1].innerText.trim()}</a>`;
+                            Temp[i].children[1].innerHTML = `<a href="${Temp[i].children[5].children[0].href}">${escapeHTML(Temp[i].children[1].innerText.trim())}</a>`;
                         }
                         GetUsernameHTML(Temp[i].children[2], Temp[i].children[2].innerText);
                         Temp[i].children[3].remove();
diff --git a/package.json b/package.json
@@ -1,6 +1,6 @@
 {
   "name": "xmoj-script",
-  "version": "1.3.0",
+  "version": "1.3.1",
   "description": "an improvement script for xmoj.tech",
   "main": "AddonScript.js",
   "scripts": {

Original file line number	Diff line number	Diff line change
`@@ -2718,6 +2718,17 @@`
`2718`	`2718`	`}`
`2719`	`2719`	`],`
`2720`	`2720`	`"Notes": "If you are curious why the version number is v1.3.0, it's because we changed our versioning strategy! Click <a href=\"https://github.com/orgs/XMOJ-Script-dev/discussions/771\"> here </a> for more details."`
	`2721`	`+ },`
	`2722`	`+ "1.3.1": {`
	`2723`	`+ "UpdateDate": 1739060055956,`
	`2724`	`+ "Prerelease": true,`
	`2725`	`+ "UpdateContents": [`
	`2726`	`+ {`
	`2727`	`+ "PR": 774,`
	`2728`	`+ "Description": "Fix code scanning alert - DOM text reinterpreted as HTML"`
	`2729`	`+ }`
	`2730`	`+ ],`
	`2731`	`+ "Notes": "No release notes were provided for this release."`
`2721`	`2732`	`}`
`2722`	`2733`	`}`
`2723`	`2734`	`}`
Original file line number	Diff line number	Diff line change
`@@ -1,6 +1,6 @@`
`1`	`1`	`{`
`2`	`2`	`"name": "xmoj-script",`
`3`		`- "version": "1.3.0",`
	`3`	`+ "version": "1.3.1",`
`4`	`4`	`"description": "an improvement script for xmoj.tech",`
`5`	`5`	`"main": "AddonScript.js",`
`6`	`6`	`"scripts": {`