From 9333e21b58b5f118c84bdc965214b875bcdf99f1 Mon Sep 17 00:00:00 2001
From: TypeTheory <104051227+TypeThe0ry@users.noreply.github.com>
Date: Sat, 27 Jun 2026 18:49:08 +0800
Subject: [PATCH] Escape stats HTML fields
---
static/index.html | 39 ++++++++++++++++++++++++++++++++-------
1 file changed, 32 insertions(+), 7 deletions(-)
diff --git a/static/index.html b/static/index.html
index 5cfbbf9..8b8522b 100755
--- a/static/index.html
+++ b/static/index.html
@@ -1042,6 +1042,29 @@
' +
- '
' + ((self.myUser && self.myUser.username) || '访客') + '分玩法独立积分
' +
+ '
' + escapeHtml((self.myUser && self.myUser.username) || '访客') + '分玩法独立积分
' +
'
' +
'
';
if (self.myUser && self.myUser.uid) {
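Review bot: The new `escapeHtml(...)` call around the username in the header string relies on a helper whose definition is not among the lines visible here, although the hunk header announces 29 new-side lines, so its contract cannot be checked from this page. If it only encodes `&`, `<` and `>`, it must be kept out of attribute values; a comment on the helper such as `// escapeHtml: String()-coerces, then encodes & < > " ' (text nodes and quoted attributes)` would pin the contract down. The markup inside these string literals did not survive on the page, so whether the username lands in a text node or an attribute cannot be confirmed from here.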
@@ -1076,17 +1099,19 @@
{{gameTypeName(selectedGameType)}}大厅
var s = self.myScores[gt];
if (!self.myUser || !self.myUser.uid) return '
' + labels[gt] + '访客不记录战绩
';
if (!s) return '
' + labels[gt] + '暂无对局记录
';
- var gamesN = s.games || 0;
- var winRate = gamesN ? Math.round((s.wins || 0) * 1000 / gamesN) / 10 : 0;
- return '
' + labels[gt] + '' + (s.score | 0) + '' + (s.wins | 0) + '胜 / ' + gamesN + '局 · ' + winRate + '%
';
+ var gamesN = formatGames(s.games);
+ var winsN = formatGames(s.wins);
+ var winRate = formatWinRate(winsN, gamesN);
+ return '
' + labels[gt] + '' + formatInt(s.score) + '' + winsN + '胜 / ' + gamesN + '局 · ' + winRate + '%
';
};
var board = function (gt) {
var rows = self.topLists[gt] || [];
if (!rows.length) return '
' + labels[gt] + ' TOP 20
暂无数据
';
var trs = rows.map(function (r, i) {
- var gamesN = r.games || 0;
- var rate = gamesN ? Math.round((r.wins || 0) * 1000 / gamesN) / 10 : 0;
- return '
| ' + (i + 1) + ' | ' + (r.username || ('uid#' + r.uid)) + ' | ' + (r.score | 0) + ' | ' + rate + '% | ' + gamesN + ' |
';
+ var gamesN = formatGames(r.games);
+ var rate = formatWinRate(r.wins, gamesN);
+ var playerName = r.username || ('uid#' + r.uid);
+ return '
| ' + (i + 1) + ' | ' + escapeHtml(playerName) + ' | ' + formatInt(r.score) + ' | ' + rate + '% | ' + gamesN + ' |
';
}).join('');
return '
' + labels[gt] + ' TOP 20
';
};
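Review bot: In `board`, `rate` is computed from the raw `r.wins` (`formatWinRate(r.wins, gamesN)`), whereas the score card above first normalises with `formatGames(s.wins)`. Because `rate` is concatenated into the row markup without escaping, the row is only safe if `formatWinRate` itself coerces its first argument to a number, and that is not visible here. Making the two paths agree removes the dependency: `var winsN = formatGames(r.wins);` followed by `var rate = formatWinRate(winsN, gamesN);`. `labels[gt]` is still inserted unescaped in every branch, which is fine only if `labels` is a static table in this file; a one-line comment saying so would help the next reader. The function holding the score-card code begins outside the hunk.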