summary refs log tree commit diff
path: root/webclient/room/room.html
diff options
context:
space:
mode:
Diffstat (limited to '')
-rw-r--r--webclient/room/room.html9
1 files changed, 5 insertions, 4 deletions
diff --git a/webclient/room/room.html b/webclient/room/room.html
index 87d3458af5..51af54e7b2 100644
--- a/webclient/room/room.html
+++ b/webclient/room/room.html
@@ -1,6 +1,7 @@
 <div ng-controller="RoomController" data-ng-init="onInit()" class="room">
 
     <div class="page">
+    <div class="wrapper">
 
     <div class="roomName">
         {{ room_alias || room_id }}
@@ -12,7 +13,8 @@
                 <td class="userAvatar">
                     <img class="userAvatarImage" ng-src="{{info.avatar_url || 'img/default-profile.jpg'}}" width="80" height="80"/>
                     <img class="userAvatarGradient" src="img/gradient.png" width="80" height="24"/>
-                    <div class="userName">{{ info.displayname || name }}</div>
+                    <!-- FIXME: does allowing <wbr/> to be unescaped introduce HTML injections from user IDs and display names? -->
+                    <div class="userName" ng-bind-html="info.displayname || (name.substr(0, name.indexOf(':')) + '<wbr/>' + name.substr(name.indexOf(':'))) | to_trusted"></div>
                 </td>
                 <td class="userPresence" ng-class="info.presenceState === 'online' ? 'online' : (info.presenceState === 'unavailable' ? 'unavailable' : '')" />
         </table>
@@ -45,6 +47,7 @@
     </div>
     
     </div>
+    </div>
 
     <div class="controlPanel">
         <div class="controls">
@@ -53,7 +56,7 @@
                     <td width="1">
                         {{ state.user_id }} 
                     </td>
-                    <td width="*">
+                    <td width="*" style="min-width: 100px">
                         <input class="mainInput" ng-model="textInput" ng-enter="send()" ng-focus="true"/>
                     </td>
                     <td width="1">
@@ -85,7 +88,5 @@
             <button ng-click="leaveRoom()">Leave</button>
         </div>
     </div>
-    
-    
 
  </div>