From 375f744c6207fb4f6e64a1b4ceb655ce5d5f9651 Mon Sep 17 00:00:00 2001 From: boomzero Date: Sun, 9 Feb 2025 08:12:09 +0800 Subject: [PATCH 1/9] Fix code scanning alert - DOM text reinterpreted as HTML fix #687 --- XMOJ.user.js | 15 ++++++++++++++- 1 file changed, 14 insertions(+), 1 deletion(-) diff --git a/XMOJ.user.js b/XMOJ.user.js index 5e0378a5..9f4b742c 100644 --- a/XMOJ.user.js +++ b/XMOJ.user.js @@ -41,6 +41,19 @@ const CaptchaSiteKey = "0x4AAAAAAALBT58IhyDViNmv"; const AdminUserList = ["zhuchenrui2", "shanwenxiao", "admin"]; +let escapeHTML = (str) => { + return str.replace(/[&<>"']/g, function (match) { + const escape = { + '&': '&', + '<': '<', + '>': '>', + '"': '"', + "'": ''' + }; + return escape[match]; + }); +}; + let PurifyHTML = (Input) => { try { return DOMPurify.sanitize(Input, { @@ -3979,7 +3992,7 @@ int main() Temp = document.querySelector("#problemstatus > tbody").children; for (let i = 0; i < Temp.length; i++) { if (Temp[i].children[5].children[0] != null) { - Temp[i].children[1].innerHTML = `${Temp[i].children[1].innerText.trim()}`; + Temp[i].children[1].innerHTML = `${escapeHTML(Temp[i].children[1].innerText.trim())}`; } GetUsernameHTML(Temp[i].children[2], Temp[i].children[2].innerText); Temp[i].children[3].remove(); From cf77a502141c6f3fb99541e7d6de7c604af320e0 Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" Date: Sun, 9 Feb 2025 00:14:15 +0000 Subject: [PATCH 2/9] 1.3.1 --- package.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/package.json b/package.json index f9481ffd..cf0cc01d 100644 --- a/package.json +++ b/package.json @@ -1,6 +1,6 @@ { "name": "xmoj-script", - "version": "1.3.0", + "version": "1.3.1", "description": "an improvement script for xmoj.tech", "main": "AddonScript.js", "scripts": { From a7c254df97449775104f1e5f187af360c4d7fc53 Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" Date: Sun, 9 Feb 2025 00:14:16 +0000 Subject: [PATCH 3/9] Update version info to 1.3.1 --- Update.json | 11 +++++++++++ XMOJ.user.js | 2 +- 2 files changed, 12 insertions(+), 1 deletion(-) diff --git a/Update.json b/Update.json index 6fbb2c7b..f0d3fa62 100644 --- a/Update.json +++ b/Update.json @@ -2718,6 +2718,17 @@ } ], "Notes": "If you are curious why the version number is v1.3.0, it's because we changed our versioning strategy! Click here for more details." + }, + "1.3.1": { + "UpdateDate": 1739060055956, + "Prerelease": true, + "UpdateContents": [ + { + "PR": 774, + "Description": "Fix code scanning alert - DOM text reinterpreted as HTML" + } + ], + "Notes": "No release notes were provided for this release." } } } \ No newline at end of file diff --git a/XMOJ.user.js b/XMOJ.user.js index 9f4b742c..3821580f 100644 --- a/XMOJ.user.js +++ b/XMOJ.user.js @@ -1,6 +1,6 @@ // ==UserScript== // @name XMOJ -// @version 1.3.0 +// @version 1.3.1 // @description XMOJ增强脚本 // @author @XMOJ-Script-dev, @langningchen and the community // @namespace https://github/langningchen From 54036d70535c14bce9aa2ea8b91b31e14452142b Mon Sep 17 00:00:00 2001 From: boomzero Date: Mon, 10 Feb 2025 19:37:46 +0800 Subject: [PATCH 4/9] Change how we load addonscript (transition from Github pages to Cloudflare KV) + Fix *that* console error --- AddonScript.js | 7 ++++++- XMOJ.user.js | 20 ++++++++------------ 2 files changed, 14 insertions(+), 13 deletions(-) diff --git a/AddonScript.js b/AddonScript.js index 28722a63..66dff33f 100644 --- a/AddonScript.js +++ b/AddonScript.js @@ -1 +1,6 @@ -console.log("AddonScript.js has loaded."); +/* +DO NOT MODIFY THIS FILE, +IT IS KEPT HERE FOR BACKWARD COMPATIBILITY ONLY + */ + +console.warn("Please update XMOJ-Script!"); \ No newline at end of file diff --git a/XMOJ.user.js b/XMOJ.user.js index 3821580f..3b1ac430 100644 --- a/XMOJ.user.js +++ b/XMOJ.user.js @@ -465,10 +465,7 @@ let RequestAPI = (Action, Data, CallBack) => { try { CallBack(JSON.parse(Response.responseText)); } catch (Error) { - console.log(Response.responseText); - CallBack({ - "Success": false, "Message": "JSON解析错误:" + Error, "Data": null - }); + console.error(Response.responseText); } } }); @@ -1153,14 +1150,13 @@ async function main() { new bootstrap.Modal(document.getElementById("UpdateModal")).show(); } }); - fetch(ServerURL + "/AddonScript.js", {cache: "no-cache"}) - .then((Response) => { - return Response.text(); - }) - .then((Response) => { - eval(Response); - }); - + RequestAPI("GetAddOnScript", {}, (Response) => { + if (Response.Success) { + eval(Response.Data["Script"]); + } else { + console.warn("Fetch AddOnScript failed: " + Response.Message); + } + }); let ToastContainer = document.createElement("div"); ToastContainer.classList.add("toast-container", "position-fixed", "bottom-0", "end-0", "p-3"); document.body.appendChild(ToastContainer); From fe514126fc3ebdadf43ede6d72206bddb6c4be5a Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" Date: Mon, 10 Feb 2025 11:41:02 +0000 Subject: [PATCH 5/9] 1.3.2 --- package.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/package.json b/package.json index cf0cc01d..36ad9922 100644 --- a/package.json +++ b/package.json @@ -1,6 +1,6 @@ { "name": "xmoj-script", - "version": "1.3.1", + "version": "1.3.2", "description": "an improvement script for xmoj.tech", "main": "AddonScript.js", "scripts": { From 45468fc2522fcfeab2ae1651f16b4463fa6c4039 Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" Date: Mon, 10 Feb 2025 11:41:03 +0000 Subject: [PATCH 6/9] Update version info to 1.3.2 --- Update.json | 11 +++++++++++ XMOJ.user.js | 2 +- 2 files changed, 12 insertions(+), 1 deletion(-) diff --git a/Update.json b/Update.json index f0d3fa62..ccac746c 100644 --- a/Update.json +++ b/Update.json @@ -2729,6 +2729,17 @@ } ], "Notes": "No release notes were provided for this release." + }, + "1.3.2": { + "UpdateDate": 1739187662695, + "Prerelease": true, + "UpdateContents": [ + { + "PR": 778, + "Description": "Change how we load addonscript (transition from GitHub pages to Cloudflare KV) + Fix *that* console error" + } + ], + "Notes": "No release notes were provided for this release." } } } \ No newline at end of file diff --git a/XMOJ.user.js b/XMOJ.user.js index 3b1ac430..5c7f43e9 100644 --- a/XMOJ.user.js +++ b/XMOJ.user.js @@ -1,6 +1,6 @@ // ==UserScript== // @name XMOJ -// @version 1.3.1 +// @version 1.3.2 // @description XMOJ增强脚本 // @author @XMOJ-Script-dev, @langningchen and the community // @namespace https://github/langningchen From 52f1da55799da16755b3f6ac6c97bf981a7bf4c6 Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" Date: Mon, 10 Feb 2025 11:42:08 +0000 Subject: [PATCH 7/9] Update time and description of 1.3.2 --- Update.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Update.json b/Update.json index ccac746c..45b5cb96 100644 --- a/Update.json +++ b/Update.json @@ -2731,7 +2731,7 @@ "Notes": "No release notes were provided for this release." }, "1.3.2": { - "UpdateDate": 1739187662695, + "UpdateDate": 1739187728351, "Prerelease": true, "UpdateContents": [ { From b4f049aec90df224a316bbce90489cab17f68643 Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" Date: Fri, 21 Feb 2025 14:25:37 +0000 Subject: [PATCH 8/9] 1.4.0 --- package.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/package.json b/package.json index 36ad9922..41c38f84 100644 --- a/package.json +++ b/package.json @@ -1,6 +1,6 @@ { "name": "xmoj-script", - "version": "1.3.2", + "version": "1.4.0", "description": "an improvement script for xmoj.tech", "main": "AddonScript.js", "scripts": { From e5403dec154b767a366cfe98c9a16f71cd21605e Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" Date: Fri, 21 Feb 2025 14:25:38 +0000 Subject: [PATCH 9/9] Update to release 1.4.0 --- Update.json | 15 +++++++++++++++ XMOJ.user.js | 2 +- 2 files changed, 16 insertions(+), 1 deletion(-) diff --git a/Update.json b/Update.json index 45b5cb96..cc9ed04f 100644 --- a/Update.json +++ b/Update.json @@ -2740,6 +2740,21 @@ } ], "Notes": "No release notes were provided for this release." + }, + "1.4.0": { + "UpdateDate": 1740147937411, + "Prerelease": false, + "UpdateContents": [ + { + "PR": 774, + "Description": "Fix code scanning alert - DOM text reinterpreted as HTML" + }, + { + "PR": 778, + "Description": "Change how we load addonscript (transition from GitHub pages to Cloudflare KV) + Fix *that* console error" + } + ], + "Notes": "No release notes were provided for this release." } } } \ No newline at end of file diff --git a/XMOJ.user.js b/XMOJ.user.js index 5c7f43e9..61555b20 100644 --- a/XMOJ.user.js +++ b/XMOJ.user.js @@ -1,6 +1,6 @@ // ==UserScript== // @name XMOJ -// @version 1.3.2 +// @version 1.4.0 // @description XMOJ增强脚本 // @author @XMOJ-Script-dev, @langningchen and the community // @namespace https://github/langningchen