Bug fix: Fix broken confirmation forms due to 'DOMNodeInserted' removal

AgustinSRG · Aug 2, 2024 · c6b1bef · c6b1bef
1 parent 3d8e975
commit c6b1bef
Show file tree

Hide file tree

Showing 4 changed files with 25 additions and 24 deletions.
diff --git a/package-lock.json b/package-lock.json
diff --git a/package.json b/package.json
@@ -1,6 +1,6 @@
 {
   "name": "showdown-chatbot",
-  "version": "2.11.3",
+  "version": "2.11.4",
   "author": {
     "name": "Agustin San Roman",
     "email": "[email protected]",

diff --git a/src/server/html-maker.js b/src/server/html-maker.js
@@ -31,7 +31,7 @@ exports.generate = function (body, loginData, menu, options) {
 		}
 	}
 
-	buf += '<script type="text/javascript" src="/static/csrf-protect.js"></script>';
+	buf += '<script type="text/javascript" src="/static/csrf-protect-v2.js"></script>';
 
 	if (options.scripts) {
 		for (let i = 0; i < options.scripts.length; i++) {

diff --git a/static/csrf-protect.js → static/csrf-protect-v2.js b/static/csrf-protect.js → static/csrf-protect-v2.js
@@ -6,37 +6,38 @@ function getCookie(name) {
     if (parts.length == 2) return parts.pop().split(";").shift();
 }
 
-document.addEventListener("DOMContentLoaded", function () {
-    if (window.$) {
-        $(document).bind('ajaxSend', function (elm, xhr, s) {
-            if (s.type != 'GET') {
-                xhr.setRequestHeader('x-csrf-token', getCookie("usertoken"));
-            }
-        });
-    }
-
+function updateForms() {
     var forms = document.getElementsByTagName("form");
     for (var i = 0; i < forms.length; i++) {
         var form = forms[i];
-        if ((form.method + "").toLowerCase() === "post") {
-            var input = document.createElement("input");
-            input.type = "hidden";
-            input.name = "x-csrf-token";
-            input.value = getCookie("usertoken");
-            form.appendChild(input);
+
+        if (form.csrf_modified) {
+            continue;
         }
-    }
-});
 
-document.addEventListener('DOMNodeInserted', function(e) {
-    if (e.target.localName === "form") {
-        var form = e.target;
         if ((form.method + "").toLowerCase() === "post") {
             var input = document.createElement("input");
             input.type = "hidden";
             input.name = "x-csrf-token";
             input.value = getCookie("usertoken");
             form.appendChild(input);
         }
+
+        form.csrf_modified = "true";
     }
+}
+
+document.addEventListener("DOMContentLoaded", function () {
+    if (window.$) {
+        $(document).bind('ajaxSend', function (elm, xhr, s) {
+            if (s.type != 'GET') {
+                xhr.setRequestHeader('x-csrf-token', getCookie("usertoken"));
+            }
+        });
+    }
+
+    updateForms();
+
+    var observer = new MutationObserver(updateForms);
+    observer.observe(document.querySelector("body"), { childList: true, subtree: true, attributes: false });
 });