diff --git a/AddonScript.js b/AddonScript.js
index 28722a63..66dff33f 100644
--- a/AddonScript.js
+++ b/AddonScript.js
@@ -1 +1,6 @@
-console.log("AddonScript.js has loaded.");
+/*
+DO NOT MODIFY THIS FILE,
+IT IS KEPT HERE FOR BACKWARD COMPATIBILITY ONLY
+ */
+
+console.warn("Please update XMOJ-Script!");
\ No newline at end of file
diff --git a/Update.json b/Update.json
index 6fbb2c7b..cc9ed04f 100644
--- a/Update.json
+++ b/Update.json
@@ -2718,6 +2718,43 @@
}
],
"Notes": "If you are curious why the version number is v1.3.0, it's because we changed our versioning strategy! Click here for more details."
+ },
+ "1.3.1": {
+ "UpdateDate": 1739060055956,
+ "Prerelease": true,
+ "UpdateContents": [
+ {
+ "PR": 774,
+ "Description": "Fix code scanning alert - DOM text reinterpreted as HTML"
+ }
+ ],
+ "Notes": "No release notes were provided for this release."
+ },
+ "1.3.2": {
+ "UpdateDate": 1739187728351,
+ "Prerelease": true,
+ "UpdateContents": [
+ {
+ "PR": 778,
+ "Description": "Change how we load addonscript (transition from GitHub pages to Cloudflare KV) + Fix *that* console error"
+ }
+ ],
+ "Notes": "No release notes were provided for this release."
+ },
+ "1.4.0": {
+ "UpdateDate": 1740147937411,
+ "Prerelease": false,
+ "UpdateContents": [
+ {
+ "PR": 774,
+ "Description": "Fix code scanning alert - DOM text reinterpreted as HTML"
+ },
+ {
+ "PR": 778,
+ "Description": "Change how we load addonscript (transition from GitHub pages to Cloudflare KV) + Fix *that* console error"
+ }
+ ],
+ "Notes": "No release notes were provided for this release."
}
}
}
\ No newline at end of file
diff --git a/XMOJ.user.js b/XMOJ.user.js
index 5e0378a5..61555b20 100644
--- a/XMOJ.user.js
+++ b/XMOJ.user.js
@@ -1,6 +1,6 @@
// ==UserScript==
// @name XMOJ
-// @version 1.3.0
+// @version 1.4.0
// @description XMOJ增强脚本
// @author @XMOJ-Script-dev, @langningchen and the community
// @namespace https://github/langningchen
@@ -41,6 +41,19 @@
const CaptchaSiteKey = "0x4AAAAAAALBT58IhyDViNmv";
const AdminUserList = ["zhuchenrui2", "shanwenxiao", "admin"];
+let escapeHTML = (str) => {
+ return str.replace(/[&<>"']/g, function (match) {
+ const escape = {
+ '&': '&',
+ '<': '<',
+ '>': '>',
+ '"': '"',
+ "'": '''
+ };
+ return escape[match];
+ });
+};
+
let PurifyHTML = (Input) => {
try {
return DOMPurify.sanitize(Input, {
@@ -452,10 +465,7 @@ let RequestAPI = (Action, Data, CallBack) => {
try {
CallBack(JSON.parse(Response.responseText));
} catch (Error) {
- console.log(Response.responseText);
- CallBack({
- "Success": false, "Message": "JSON解析错误:" + Error, "Data": null
- });
+ console.error(Response.responseText);
}
}
});
@@ -1140,14 +1150,13 @@ async function main() {
new bootstrap.Modal(document.getElementById("UpdateModal")).show();
}
});
- fetch(ServerURL + "/AddonScript.js", {cache: "no-cache"})
- .then((Response) => {
- return Response.text();
- })
- .then((Response) => {
- eval(Response);
- });
-
+ RequestAPI("GetAddOnScript", {}, (Response) => {
+ if (Response.Success) {
+ eval(Response.Data["Script"]);
+ } else {
+ console.warn("Fetch AddOnScript failed: " + Response.Message);
+ }
+ });
let ToastContainer = document.createElement("div");
ToastContainer.classList.add("toast-container", "position-fixed", "bottom-0", "end-0", "p-3");
document.body.appendChild(ToastContainer);
@@ -3979,7 +3988,7 @@ int main()
Temp = document.querySelector("#problemstatus > tbody").children;
for (let i = 0; i < Temp.length; i++) {
if (Temp[i].children[5].children[0] != null) {
- Temp[i].children[1].innerHTML = `${Temp[i].children[1].innerText.trim()}`;
+ Temp[i].children[1].innerHTML = `${escapeHTML(Temp[i].children[1].innerText.trim())}`;
}
GetUsernameHTML(Temp[i].children[2], Temp[i].children[2].innerText);
Temp[i].children[3].remove();
diff --git a/package.json b/package.json
index f9481ffd..41c38f84 100644
--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
{
"name": "xmoj-script",
- "version": "1.3.0",
+ "version": "1.4.0",
"description": "an improvement script for xmoj.tech",
"main": "AddonScript.js",
"scripts": {