diff options
Diffstat (limited to '')
-rw-r--r-- | webclient/room/room.html | 11 |
1 files changed, 5 insertions, 6 deletions
diff --git a/webclient/room/room.html b/webclient/room/room.html index f08cb61763..5712ce9b4f 100644 --- a/webclient/room/room.html +++ b/webclient/room/room.html @@ -9,15 +9,14 @@ <div id="usersTableWrapper"> <table id="usersTable"> - <tr ng-repeat="(name, info) in members"> + <tr ng-repeat="member in members | orderMembersList"> <td class="userAvatar"> - <img class="userAvatarImage" ng-src="{{info.avatar_url || 'img/default-profile.jpg'}}" width="80" height="80"/> + <img class="userAvatarImage" ng-src="{{member.avatar_url || 'img/default-profile.jpg'}}" width="80" height="80"/> <img class="userAvatarGradient" src="img/gradient.png" width="80" height="24"/> - <!-- FIXME: does allowing <wbr/> to be unescaped introduce HTML injections from user IDs and display names? --> - <div class="userName" ng-bind-html="info.displayname || (name.substr(0, name.indexOf(':')) + '<wbr/>' + name.substr(name.indexOf(':'))) | to_trusted"></div> + <div class="userName">{{ member.displayname || member.id.substr(0, member.id.indexOf(':')) }}<wbr/>{{ member.displayname ? "" : member.id.substr(member.id.indexOf(':')) }}</div> </td> - <td class="userPresence" ng-class="info.presenceState === 'online' ? 'online' : (info.presenceState === 'unavailable' ? 'unavailable' : '')"> - {{ info.mtime_age | duration }} {{ info.mtime_age ? "ago" : "" }} + <td class="userPresence" ng-class="member.presenceState === 'online' ? 'online' : (member.presenceState === 'unavailable' ? 'unavailable' : '')"> + {{ member.mtime_age | duration }} {{ member.mtime_age ? "ago" : "" }} </td> </table> </div> |