Diffstat (limited to '')
-rw-r--r-- | webclient/room/room.html | 9 |
1 files changed, 5 insertions, 4 deletions
diff --git a/webclient/room/room.html b/webclient/room/room.html index 87d3458af5..51af54e7b2 100644 --- a/webclient/room/room.html +++ b/webclient/room/room.html @@ -1,6 +1,7 @@ <div ng-controller="RoomController" data-ng-init="onInit()" class="room"> <div class="page"> + <div class="wrapper"> <div class="roomName"> {{ room_alias || room_id }} @@ -12,7 +13,8 @@ <td class="userAvatar"> <img class="userAvatarImage" ng-src="{{info.avatar_url || 'img/default-profile.jpg'}}" width="80" height="80"/> <img class="userAvatarGradient" src="img/gradient.png" width="80" height="24"/> - <div class="userName">{{ info.displayname || name }}</div> + <!-- FIXME: does allowing <wbr/> to be unescaped introduce HTML injections from user IDs and display names? --> + <div class="userName" ng-bind-html="info.displayname || (name.substr(0, name.indexOf(':')) + '<wbr/>' + name.substr(name.indexOf(':'))) | to_trusted"></div> </td> <td class="userPresence" ng-class="info.presenceState === 'online' ? 'online' : (info.presenceState === 'unavailable' ? 'unavailable' : '')" /> </table> @@ -45,6 +47,7 @@ </div> </div> + </div> <div class="controlPanel"> <div class="controls"> @@ -53,7 +56,7 @@ <td width="1"> {{ state.user_id }} </td> - <td width="*"> + <td width="*" style="min-width: 100px"> <input class="mainInput" ng-model="textInput" ng-enter="send()" ng-focus="true"/> </td> <td width="1"> @@ -85,7 +88,5 @@ <button ng-click="leaveRoom()">Leave</button> </div> </div> - - </div> |
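Review bot: In the @@ -12,7 +13,8 @@ hunk the new `ng-bind-html="… | to_trusted"` binding marks the whole expression as trusted, not just the literal `<wbr/>`, because the filter pipe binds looser than `||` and `+`. If `to_trusted` wraps `$sce.trustAsHtml` (its definition is not in this diff), then `info.displayname` and both halves of `name` are rendered as raw HTML. Those values are set by other users, so the answer to the FIXME is yes: a display name containing markup would be injected into every room member's page. The replaced `{{ info.displayname || name }}` interpolation was escaped. Keep the user-controlled strings in `{{ }}` text bindings and emit `<wbr/>` as static template markup between them, as sketched below; the FIXME comment can then be dropped.

```html
<div class="userName">
    <span ng-if="info.displayname">{{ info.displayname }}</span>
    <!-- the break opportunity is static markup; both halves of the user ID stay escaped -->
    <span ng-if="!info.displayname">{{ name.substr(0, name.indexOf(':')) }}<wbr/>{{ name.substr(name.indexOf(':')) }}</span>
</div>
```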
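Review bot: The inline `style="min-width: 100px"` added to the input cell in the @@ -53,7 +56,7 @@ hunk would sit better as a rule in the room stylesheet, next to the other layout rules for `.controls`. For example, `<td width="*" class="mainInputCell">` with `.mainInputCell { min-width: 100px; }`; the class name here is only a suggestion. Inline style attributes also force `'unsafe-inline'` into `style-src` if a Content-Security-Policy is ever applied to the web client.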