Refactored AJAX request, putting armor against XSS

This commit is contained in:
alisolarflare 2017-06-15 12:29:14 -06:00
parent 27aaadec25
commit 9c47280931

View file

@ -5,29 +5,59 @@ https://www.youtube.com/watch?v=h0ZUpPiV1ac
window.onload = function(){ window.onload = function(){
const serverPath = "https://server.figytuna.com:8080/ali/hello/"; const serverPath = "https://server.figytuna.com:8080/ali/hello/";
const pages = [ const pages = {
"unsafe": [
"World", "World",
"Data", "Data",
"Post"
],
"html":[
"Location",
"Players", "Players",
"Location"
] ]
}
//Generate HTML table //Generate HTML table
for (const pagePath of pages){ for (const pageType in pages){
for (const pagePath of pages[pageType]){
//Adds new table row based on the data request //Adds new table row based on the data request
const $newTableRow = $("<tr>" const $newTableRow = $("<tr>"
+ "<td>Hello " + pagePath + "</td>" + "<td>Hello " + pagePath + "</td>"
+ "<td id=\"hello-"+ pagePath.toLowerCase() + "\"></td>" + "<td id=\"hello-"+ pagePath.toLowerCase() + "\"></td>"
+ "</tr>"); + "</tr>");
console.log(pagePath + " added");
//Appends new table row to table //Appends new table row to table
$("#hello-table").after($newTableRow); $("#hello-table").append($newTableRow);
}
} }
//Gets Table data from server dataRequest = function(pagePath, pageType, requestType){
for (const pagePath of pages){ $.ajax({
$.get(serverPath + pagePath.toLowerCase(), function(data){ type: requestType,
console.log(pagePath + "|" + data); url: serverPath + pagePath.toLowerCase(),
document.getElementById("hello-" + pagePath.toLowerCase()).innerHTML = data; timeout: 2000,
beforeSend: function(data){
$("#hello-" + pagePath.toLowerCase()).html("<em>Loading...</em>");
},
success: function(data){
$element = $("#hello-" + pagePath.toLowerCase())
if (pageType == "html"){
$element.html($data);
}else{
$element.text($data);
}
},
error: function(e){
$("#hello-" + pagePath.toLowerCase()).html("<em>Error " + e.status + " " + e.statusText + "</em>");
}
}); });
} }
//Gets Table data from server
for (const pagePath of pages["html"]){
dataRequest(pagePath, "safe", "GET");
}
for (const pagePath of pages["unsafe"]){
dataRequest(pagePath, "unsafe", "GET");
}
} }