NPO-Accounting/houdini
6
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Fix bug where we don't percent encode parts of the widget iframe URL

Browse source
This commit is contained in:
Eric Schultz 2020-04-17 11:33:13 -05:00 committed by Eric Schultz
parent 2ac9959748
commit 24b47c719b
1 changed files with 2 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
app/javascript/legacy/widget/donate-button.v2.js
View file

@ -81,7 +81,7 @@ commitchange.createIframe = (source) => {
let i = document.createElement('iframe') let i = document.createElement('iframe')
const url = document.location.href const url = document.location.href
i.setAttribute('class', 'commitchange-closed commitchange-iframe') i.setAttribute('class', 'commitchange-closed commitchange-iframe')
i.src = source + "&origin=" + url i.src = encodeURI(source + "&origin=" + url)
return i return i
} }
@ -158,7 +158,7 @@ commitchange.appendMarkup = () => {
let btn_iframe = document.createElement('iframe') let btn_iframe = document.createElement('iframe')
let btn_src = fullHost + "/nonprofits/" + nonprofitID + "/btn" let btn_src = fullHost + "/nonprofits/" + nonprofitID + "/btn"
if(elem.hasAttribute('data-fixed')) { btn_src += '?fixed=t' } if(elem.hasAttribute('data-fixed')) { btn_src += '?fixed=t' }
btn_iframe.src = btn_src btn_iframe.src = encodeURI(btn_src)
btn_iframe.className = 'commitchange-btn-iframe' btn_iframe.className = 'commitchange-btn-iframe'
btn_iframe.setAttribute('scrolling', 'no') btn_iframe.setAttribute('scrolling', 'no')
btn_iframe.setAttribute('seamless', 'seamless') btn_iframe.setAttribute('seamless', 'seamless')