diff --git a/includes/types/achievement.class.php b/includes/types/achievement.class.php index 6dd67f52..3ae835eb 100644 --- a/includes/types/achievement.class.php +++ b/includes/types/achievement.class.php @@ -226,7 +226,7 @@ class AchievementList extends BaseType break; } - $criteria .= '- '.Util::jsEscape($crtName); + $criteria .= '- '.$crtName; if ($crt['completionFlags'] & ACHIEVEMENT_CRITERIA_FLAG_MONEY_COUNTER) $criteria .= ' '.Lang::nf($crt['value2' ] / 10000).''; @@ -238,13 +238,13 @@ class AchievementList extends BaseType } $x = '
'; - $x .= Util::jsEscape($name); + $x .= $name; $x .= '
'; if ($description || $criteria) $x .= '
'; if ($description) - $x .= '
'.Util::jsEscape($description).'
'; + $x .= '
'.$description.'
'; if ($criteria) { diff --git a/includes/types/currency.class.php b/includes/types/currency.class.php index 9cc752d0..e79a3406 100644 --- a/includes/types/currency.class.php +++ b/includes/types/currency.class.php @@ -69,11 +69,11 @@ class CurrencyList extends BaseType return array(); $x = '
'; - $x .= ''.Util::jsEscape($this->getField('name', true)).'
'; + $x .= ''.$this->getField('name', true).'
'; // cata+ (or go fill it by hand) if ($_ = $this->getField('description', true)) - $x .= '
'.Util::jsEscape($_).'
'; + $x .= '
'.$_.'
'; if ($_ = $this->getField('cap')) $x .= '
'.Lang::currency('cap').Lang::main('colon').''.Lang::nf($_).'
'; diff --git a/includes/types/itemset.class.php b/includes/types/itemset.class.php index d061f6eb..114ce7c9 100644 --- a/includes/types/itemset.class.php +++ b/includes/types/itemset.class.php @@ -98,19 +98,21 @@ class ItemsetList extends BaseType return array(); $x = '
'; - $x .= ''.Util::jsEscape($this->getField('name', true)).'
'; + $x .= ''.$this->getField('name', true).'
'; - $nClasses = 0; + $nCl = 0; if ($_ = $this->getField('classMask')) { - $cl = Lang::getClassString($_, $__, $nClasses); - $x .= Util::ucFirst($nClasses > 1 ? Lang::game('classes') : Lang::game('class')).Lang::main('colon').$cl.'
'; + $jsg = []; + $cl = Lang::getClassString($_, $jsg); + $nCl = count($jsg); + $x .= Util::ucFirst($nCl > 1 ? Lang::game('classes') : Lang::game('class')).Lang::main('colon').$cl.'
'; } if ($_ = $this->getField('contentGroup')) - $x .= Util::jsEscape(Lang::itemset('notes', $_)).($this->getField('heroic') ? ' ('.Lang::item('heroic').')' : '').'
'; + $x .= Lang::itemset('notes', $_).($this->getField('heroic') ? ' ('.Lang::item('heroic').')' : '').'
'; - if (!$nClasses || !$this->getField('contentGroup')) + if (!$nCl || !$this->getField('contentGroup')) $x.= Lang::itemset('types', $this->getField('type')).'
'; if ($bonuses = $this->getBonuses()) @@ -118,7 +120,7 @@ class ItemsetList extends BaseType $x .= ''; foreach ($bonuses as $b) - $x .= '
'.$b['bonus'].' '.Lang::itemset('_pieces').Lang::main('colon').''.Util::jsEscape($b['desc']); + $x .= '
'.$b['bonus'].' '.Lang::itemset('_pieces').Lang::main('colon').''.$b['desc']; $x .= '
'; } diff --git a/includes/types/skill.class.php b/includes/types/skill.class.php index 3a76b070..a3609812 100644 --- a/includes/types/skill.class.php +++ b/includes/types/skill.class.php @@ -54,11 +54,11 @@ class SkillList extends BaseType 'category' => $this->curTpl['typeCat'], 'categorybak' => $this->curTpl['categoryId'], 'id' => $this->id, - 'name' => Util::jsEscape($this->getField('name', true)), + 'name' => $this->getField('name', true), 'profession' => $this->curTpl['professionMask'], 'recipeSubclass' => $this->curTpl['recipeSubClass'], 'specializations' => Util::toJSON($this->curTpl['specializations'], JSON_NUMERIC_CHECK), - 'icon' => Util::jsEscape($this->curTpl['iconString']) + 'icon' => $this->curTpl['iconString'] ); } @@ -70,7 +70,7 @@ class SkillList extends BaseType $data = []; foreach ($this->iterate() as $__) - $data[self::$type][$this->id] = ['name' => Util::jsEscape($this->getField('name', true)), 'icon' => Util::jsEscape($this->curTpl['iconString'])]; + $data[self::$type][$this->id] = ['name' => $this->getField('name', true), 'icon' => $this->curTpl['iconString']]; return $data; } diff --git a/includes/types/sound.class.php b/includes/types/sound.class.php index 75eba6c5..07deb4a0 100644 --- a/includes/types/sound.class.php +++ b/includes/types/sound.class.php @@ -90,7 +90,7 @@ class SoundList extends BaseType foreach ($this->iterate() as $__) $data[self::$type][$this->id] = array( - 'name' => Util::jsEscape($this->getField('name', true)), + 'name' => $this->getField('name', true), 'type' => $this->getField('cat'), 'files' => array_values(array_filter($this->getField('files'))) ); diff --git a/includes/types/worldevent.class.php b/includes/types/worldevent.class.php index bdf8ceb1..f4954f0c 100644 --- a/includes/types/worldevent.class.php +++ b/includes/types/worldevent.class.php @@ -175,7 +175,7 @@ class WorldEventList extends BaseType $x = '
'; // head v that extra % is nesecary because we are using sprintf later on - $x .= '
'.Util::jsEscape($this->getField('name', true)).''.Lang::event('category', $this->getField('category')).'
'; + $x .= '
'.$this->getField('name', true).''.Lang::event('category', $this->getField('category')).'
'; // use string-placeholder for dates // start @@ -188,7 +188,7 @@ class WorldEventList extends BaseType // desc if ($this->getField('holidayId')) if ($_ = $this->getField('description', true)) - $x .= '
'.Util::jsEscape($_).'
'; + $x .= '
'.$_.'
'; return $x; } diff --git a/static/js/basic.js b/static/js/basic.js index 46758474..c4b5aa28 100644 --- a/static/js/basic.js +++ b/static/js/basic.js @@ -507,6 +507,8 @@ $WH.sc = function(z, y, x, w, v) { a.setDate(a.getDate() + y); b += "expires=" + a.toUTCString() + "; "; + b += "SameSite=strict;"; + if (w) { b += "path=" + w + "; "; }
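Review bot: The description in the last worldevent hunk is now concatenated into the tooltip markup as `'.$_.'` with no encoding at all. The same applies to the name, description and bonus strings in the achievement, currency, itemset and first worldevent hunks, and to the `name`/`icon` values in the skill and sound hunks. Dropping `Util::jsEscape()` is only safe if every consumer of these strings serialises them through a single encoder, presumably `Util::toJSON()`, which the skill hunk already uses for `specializations`; that call site is not visible in this diff and should be confirmed. JS-string escaping was never HTML escaping either, so unless a field is meant to carry markup, encode it where it enters the HTML, e.g. `htmlspecialchars($_, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')`. The enclosing methods start outside the hunks shown.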
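Review bot: The added attribute is written as `"SameSite=strict;"` without the trailing space that the `expires` and `path` attributes in `$WH.sc` carry. Browsers accept this, but `b += "SameSite=Strict; ";` matches the surrounding lines and the canonical spelling of the value. Since this helper now sets a cookie security attribute, consider also appending `"Secure; "` when `location.protocol === 'https:'`, so these cookies are not sent over plain HTTP. A short comment such as `// SameSite=Strict: do not send these cookies on cross-site requests` would record the intent. The body of `$WH.sc` continues outside the hunk.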