Skip to Content
Last modified by Super Admin on 2026/04/05 18:59
From version Icon 99.1 Icon
edited by Super Admin
on 2026/03/21 15:56
Change comment: There is no comment for this version
To version Icon 106.1 Icon
edited by Super Admin
on 2026/03/22 02:12
Change comment: There is no comment for this version

Summary

Details

Icon Page properties
Content
... ... @@ -1557,7 +1557,15 @@
1557 1557   };
1558 1558   var toast = document.createElement('div');
1559 1559   toast.className = 'toast toast-' + type;
1560 - toast.innerHTML = (icons[type] || '') + '<span>' + message + '</span>';
1560 + var iconSvg = icons[type] || '';
1561 + if (iconSvg) {
1562 + var iconSpan = document.createElement('span');
1563 + iconSpan.innerHTML = iconSvg;
1564 + toast.appendChild(iconSpan);
1565 + }
1566 + var msgSpan = document.createElement('span');
1567 + msgSpan.textContent = message;
1568 + toast.appendChild(msgSpan);
1561 1561   container.appendChild(toast);
1562 1562   setTimeout(function() { toast.remove(); }, 3200);
1563 1563  }
... ... @@ -1596,6 +1596,7 @@
1596 1596   var html = '<textarea id="editContent_' + postObjNum + '">' + currentContent.replace(/&/g,'&amp;').replace(/</g,'&lt;').replace(/>/g,'&gt;') + '</textarea>';
1597 1597  
1598 1598   // コメント以外は添付ファイル編集を表示
1607 + function escAttr(s) { return s.replace(/&/g,'&amp;').replace(/"/g,'&quot;').replace(/'/g,'&#39;').replace(/</g,'&lt;').replace(/>/g,'&gt;'); }
1599 1599   if (postType !== 'comment') {
1600 1600   // 既存画像
1601 1601   html += '<div class="edit-attachments">';
... ... @@ -1605,10 +1605,10 @@
1605 1605   for (var i = 0; i < imgs.length; i++) {
1606 1606   var img = imgs[i].trim();
1607 1607   if (!img) continue;
1608 - html += '<div class="edit-attach-item" data-name="' + img.replace(/"/g,'&quot;') + '">' +
1617 + html += '<div class="edit-attach-item" data-name="' + escAttr(img) + '">' +
1609 1609   '<img src="/xwiki/bin/download/' + schoolPage.replace(/\./g,'/') + '/' + encodeURIComponent(img) + '" class="edit-attach-thumb" />' +
1610 1610   '<button type="button" class="edit-attach-remove" onclick="removeEditAttach(this)" title="削除">✕</button>' +
1611 - '<input type="hidden" name="keepImages" value="' + img.replace(/"/g,'&quot;') + '" />' +
1620 + '<input type="hidden" name="keepImages" value="' + escAttr(img) + '" />' +
1612 1612   '</div>';
1613 1613   }
1614 1614   html += '</div>';
... ... @@ -1622,10 +1622,10 @@
1622 1622   if (!f) continue;
1623 1623   var displayName = f;
1624 1624   if (/^file_\d{14}_\d+_/.test(f)) displayName = f.replace(/^file_\d{14}_\d+_/, '');
1625 - html += '<div class="edit-attach-item" data-name="' + f.replace(/"/g,'&quot;') + '">' +
1626 - '<span class="edit-attach-fname">' + displayName.replace(/</g,'&lt;').replace(/>/g,'&gt;') + '</span>' +
1634 + html += '<div class="edit-attach-item" data-name="' + escAttr(f) + '">' +
1635 + '<span class="edit-attach-fname">' + escAttr(displayName) + '</span>' +
1627 1627   '<button type="button" class="edit-attach-remove" onclick="removeEditAttach(this)" title="削除">✕</button>' +
1628 - '<input type="hidden" name="keepFiles" value="' + f.replace(/"/g,'&quot;') + '" />' +
1637 + '<input type="hidden" name="keepFiles" value="' + escAttr(f) + '" />' +
1629 1629   '</div>';
1630 1630   }
1631 1631   html += '</div>';