CoderLearningCode
diff --git a/‎models/user.js
Lines changed: 0 additions & 2 deletions b/‎models/user.js
Lines changed: 0 additions & 2 deletions
diff --git a/‎package.json
Lines changed: 1 addition & 1 deletion b/‎package.json
Lines changed: 1 addition & 1 deletion
diff --git a/‎views/index.html
Lines changed: 2 additions & 2 deletions b/‎views/index.html
Lines changed: 2 additions & 2 deletions
diff --git a/‎views/message/message.html
Lines changed: 10 additions & 10 deletions b/‎views/message/message.html
Lines changed: 10 additions & 10 deletions
diff --git a/‎views/reply/reply.html
Lines changed: 8 additions & 8 deletions b/‎views/reply/reply.html
Lines changed: 8 additions & 8 deletions
diff --git a/‎views/reply/reply2.html
Lines changed: 5 additions & 5 deletions b/‎views/reply/reply2.html
Lines changed: 5 additions & 5 deletions
diff --git a/‎views/sidebar.html
Lines changed: 2 additions & 2 deletions b/‎views/sidebar.html
Lines changed: 2 additions & 2 deletions
diff --git a/‎views/topic/abstract.html
Lines changed: 7 additions & 7 deletions b/‎views/topic/abstract.html
Lines changed: 7 additions & 7 deletions
diff --git a/‎views/topic/index.html
Lines changed: 2 additions & 2 deletions b/‎views/topic/index.html
Lines changed: 2 additions & 2 deletions
diff --git a/‎views/topic/list.html
Lines changed: 3 additions & 3 deletions b/‎views/topic/list.html
Lines changed: 3 additions & 3 deletions
@@ -1,7 +1,6 @@
 var mongoose = require('mongoose');
 var Schema = mongoose.Schema;
 var config = require('../config');
-var sanitize = require('validator').sanitize;
 
 var UserSchema = new Schema({
   name: { type: String, index: true },
@@ -42,7 +41,6 @@ UserSchema.virtual('avatar_url').get(function () {
   if (!avatar_url) {
     avatar_url = config.site_static_host + '/images/user_icon&48.png';
   }
-  avatar_url = sanitize(avatar_url).xss();
   return avatar_url;
 });
 
 
@@ -5,7 +5,7 @@
   "private": true, 
   "dependencies": {
     "express": "2.5.1",
-    "ejs": "0.5.0",
+    "ejs": ">=0.8.0",
     "eventproxy": ">=0.1.0",
     "mongoose": "2.4.1",
     "node-markdown": "0.1.0",
 
@@ -4,7 +4,7 @@
 	<div class='panel'>
 		<div class='moon'>
 			<% if (locals.current_user && current_user.is_admin) { %>
-			<span class='fr'><a href='/tags/edit'><img src='<%- config.site_static_host %>/images/wrench_icon&16.png' title='编辑标签' /></a></span>
+			<span class='fr'><a href='/tags/edit'><img src="<%- config.site_static_host %>/images/wrench_icon&16.png" title='编辑标签' /></a></span>
 			<% } %>
 		</div>
 		<div class='moon_tags'>
@@ -15,7 +15,7 @@
 			<% } %>
 		</div>
 		<div class='header'>
-			<img src='<%- config.site_static_host %>/images/spechbubble_2_icon&16.png' title='话题'/>
+			<img src="<%- config.site_static_host %>/images/spechbubble_2_icon&16.png" title='话题'/>
 
 			<% if (locals.current_user) { %>
 			<a href='/topic/create' class='fr'><button class='btn btn-success fr' id='create_topic_btn'>发布话题</button></a>
 
@@ -5,44 +5,44 @@
 <% } %>
 	<% if(message.type == 'reply'){ %>
 		<span>
-			<a href='/user/<%= message.author.name %>' target='_blank'><%= message.author.name %></a> 
+			<a href="/user/<%= message.author.name %>" target='_blank'><%= message.author.name %></a> 
 			回复了你的话题 
 			<div class='title_wrap'>
-			<a href='/topic/<%= message.topic._id %>' target='_blank'><%= message.topic.title %></a>
+			<a href="/topic/<%= message.topic._id %>" target='_blank'><%= message.topic.title %></a>
 			</div>
 		</span>
 	<% } %>
 	<% if(message.type == 'reply2'){ %>
 		<span>
-			<a href='/user/<%= message.author.name %>' target='_blank'><%= message.author.name %></a> 
+			<a href="/user/<%= message.author.name %>" target='_blank'><%= message.author.name %></a> 
 			在话题 
 			<div class='title_wrap'>
-				<a href='/topic/<%= message.topic._id %>' target='_blank'><%= message.topic.title %></a>
+				<a href="/topic/<%= message.topic._id %>" target='_blank'><%= message.topic.title %></a>
 			</div>
 			中回复了你的回复
 		</span>
 	<% } %>
 	<% if(message.type == 'follow'){ %>
 	<span>
-		<a href='/user/<%= message.author.name %>' target='_blank'><%= message.author.name %></a> 
+		<a href="/user/<%= message.author.name %>" target='_blank'><%= message.author.name %></a> 
 		关注了你 
 	</span>
 	<% } %>
-	<% if(message.type == 'at'){ %>
+	<% if (message.type == 'at'){ %>
 		<span>
-			<a href='/user/<%= message.author.name %>' target='_blank'><%= message.author.name %></a>
+			<a href="/user/<%= message.author.name %>" target='_blank'><%= message.author.name %></a>
 			在话题
 			<div class='title_wrap'>
-				<a href='/topic/<%= message.topic._id %>' target='_blank'><%= message.topic.title %></a>
+				<a href="/topic/<%= message.topic._id %>" target='_blank'><%= message.topic.title %></a>
 			</div>
 			中@了你
 		</span>
 	<% } %>
 
 
-	<% if(message.has_read){ %>
+	<% if (message.has_read) { %>
 	<span class='fr'><img src='<%- config.site_static_host %>/images/checkmark_icon&16.png' title='消息已读'/></span>
-	<% }else{ %>
+	<% } else { %>
 	<span class='fr marked_icon' style='display:none'><img src='<%- config.site_static_host %>/images/checkmark_icon&16.png' title='消息已读'/></span>
 	<a class='fr mark_read_btn' href='javascript:void(0)' style='display:none;'><img src='<%- config.site_static_host %>/images/checkmark_icon&16.png' title='标记为已读'/></a>
 	<% } %>
 
@@ -1,6 +1,6 @@
-<div class='cell reply_area reply_item' id='reply<%= indexInCollection+1 %>' reply_id='<%= reply._id %>'>
+<div class='cell reply_area reply_item' id="reply<%= indexInCollection+1 %>" reply_id="<%= reply._id %>">
 	<div class='user_avatar'>
-		<a href='/user/<%= reply.author.name %>'><img src='<%= reply.author.avatar_url %>' title='<%= reply.author.name %>' /></a>
+		<a href="/user/<%= reply.author.name %>"><img src="<%= reply.author.avatar_url %>" title="<%= reply.author.name %>" /></a>
 	</div>
 	<span class='col_fade fr'>#<%= indexInCollection + 1 %></span>
 
@@ -12,12 +12,12 @@
 			<span class='col_fade'>{<%= reply.replies.length %>}</span>
 			<% } %>
 		</span>
-	<span class='reply_author'><a class='dark' href='/user/<%= reply.author.name %>'><%= reply.author.name %></a></span>
+	<span class='reply_author'><a class='dark' href="/user/<%= reply.author.name %>"><%= reply.author.name %></a></span>
 		<span class='col_fade'>
 			在 <%= reply.friendly_create_at %>回复
-			<% if(locals.current_user && current_user._id.toString() == reply.author._id.toString()){ %>
+			<% if(locals.current_user && current_user._id.toString() == reply.author._id.toString()) { %>
 			<span class='sp10'></span>
-			<a href='javascript:void(0);' class='delete_reply_btn'><img class='user_icon' src='<%- config.site_static_host %>/images/trash_icon&16.png' title='删除' /></a>
+			<a href='javascript:void(0);' class='delete_reply_btn'><img class='user_icon' src="<%- config.site_static_host %>/images/trash_icon&16.png" title='删除' /></a>
 			<% } %>
 		</span>
 	<!-- <div class='sep5'></div> -->
@@ -27,11 +27,11 @@
 	<div class='cl'>
 		<!-- <div class='sep5'></div> -->
 		<div class='reply2_area'>
-			<% if(reply.replies.length >0 ){ %>
+			<% if (reply.replies.length >0) { %>
 			<div class='sep10'></div>
-			<%- partial('reply/reply2',{collection:reply.replies,as:'reply'}) %>
+			<%- partial('reply/reply2',{collection: reply.replies, as: 'reply'}) %>
 			<% } %>
-			<% if(locals.current_user){ %>
+			<% if (locals.current_user) { %>
 			<div class='reply2_editor tabbable' id='reply2_editor-<%= indexInCollection+1 %>'>
 				<div class='sep10'></div>
 				<ul class='nav nav-pills'>
 
@@ -1,18 +1,18 @@
 <div class='cell reply2_item' reply_id='<%= reply._id %>'>
 	<div class='user_avatar'>
-		<a href='/user/<%= reply.author.name %>'><img src='<%= reply.author.avatar_url %>' title='<%= reply.author.name %>' /></a>
+		<a href="/user/<%= reply.author.name %>"><img src="<%= reply.author.avatar_url %>" title="<%= reply.author.name %>" /></a>
 	</div>
-	<span class='reply_author'><a class='dark' href='/user/<%= reply.author.name %>'><%= reply.author.name %></a></span>
+	<span class='reply_author'><a class='dark' href="/user/<%= reply.author.name %>"><%= reply.author.name %></a></span>
 		<span class='fr'>
-			<% if(locals.current_user){ %>
+			<% if (locals.current_user) { %>
 			<a href='javascript:void(0);' class='dark reply2_at_btn'>@回复</a>	
 			<% } %>
 		</span>
 		<span class='col_fade'>
 			在 <%= reply.friendly_create_at %>回复
-			<% if(locals.current_user && current_user._id.toString() == reply.author._id.toString()){ %>
+			<% if (locals.current_user && current_user._id.toString() == reply.author._id.toString()) { %>
 			<span class='sp10'></span>
-			<a href='javascript:void(0)' class='delete_reply2_btn'><img class='user_icon' src='<%- config.site_static_host %>/images/trash_icon&16.png' title='删除' /></a>
+			<a href='javascript:void(0)' class='delete_reply2_btn'><img class='user_icon' src="<%- config.site_static_host %>/images/trash_icon&16.png" title='删除' /></a>
 			<% } %>
 		</span>
 	<!-- <div class='sep5'></div> -->
 
@@ -147,8 +147,8 @@
     </div>
     <% config.side_ads.forEach(function (ad) { %>
     <div class='inner'>
-      <a href='<%- ad.url %>' title='<%= ad.text %>' target='_blank'>
-        <img src='<%- ad.image %>' />
+      <a href="<%- ad.url %>" title="<%= ad.text %>" target='_blank'>
+        <img src="<%- ad.image %>" />
       </a>
     </div>
     <% }); %>
 
@@ -1,16 +1,16 @@
 <div class='cell'>
   <div class='user_avatar'>
-    <a href='/user/<%= topic.author.name %>'>
-      <img src='<%= topic.author.avatar_url %>' title='<%= topic.author.name %>' />
+    <a href="/user/<%= topic.author.name %>">
+      <img src="<%= topic.author.avatar_url %>" title="<%= topic.author.name %>" />
     </a>
   </div>
 
   <div class='topic_wrap'>
     <div class='title_wrap'>
-      <a class='topic_title' href='/topic/<%= topic._id %>'><% if(topic.top){%>[置顶]<% } %><%= topic.title %></a>
+      <a class='topic_title' href="/topic/<%= topic._id %>"><% if (topic.top) {%>[置顶]<% } %><%= topic.title %></a>
     </div>
-    <% if(topic.reply_count >0){ %>
-      <a class='count fr' href='/topic/<%= topic._id %>#reply<%= topic.reply_count %>'><%= topic.reply_count %></a>
+    <% if (topic.reply_count > 0) { %>
+      <a class='count fr' href="/topic/<%= topic._id %>#reply<%= topic.reply_count %>"><%= topic.reply_count %></a>
     <% } %>
     <div class='sep10'></div>
     <div class='sep5'></div>
@@ -23,12 +23,12 @@
       </div>
       <% if(topic.reply){  %>
         <div class='reply_part'>
-          <a class='dark' href='/user/<%= topic.reply.author.name %>'><%= topic.reply.author.name %> </a>
+          <a class='dark' href="/user/<%= topic.reply.author.name %>"><%= topic.reply.author.name %> </a>
           回复于
           <%= topic.reply.friendly_create_at %>
         </div>
       <% }else{ %>
-        <a class='dark' href='/user/<%= topic.author.name %>'><%= topic.author.name %> </a>
+        <a class='dark' href="/user/<%= topic.author.name %>"><%= topic.author.name %> </a>
         <div class='reply_part'>
           创建于 <%= topic.friendly_create_at %>
         </div>
 
@@ -62,12 +62,12 @@ <h3><% if(topic.top){%>[置顶]<% } %><%= topic.title %></h3>
       <% } %>
       <div class='sep5'></div>  
       <span class='col_fade'>
-        <a class='dark' href='/user/<%= topic.author.name %>'><%= topic.author.name %></a> 在 <%= topic.friendly_create_at %>发布
+        <a class='dark' href="/user/<%= topic.author.name %>"><%= topic.author.name %></a> 在 <%= topic.friendly_create_at %>发布
       </span>
       <% if (topic.friendly_create_at != topic.friendly_update_at) { %>
       <div class='sep5'></div>
       <span class='col_fade'>
-        <a class='dark' href='/user/<%= topic.author.name %>'><%= topic.author.name %></a> 在 <%= topic.friendly_update_at %>重新编辑
+        <a class='dark' href="/user/<%= topic.author.name %>"><%= topic.author.name %></a> 在 <%= topic.friendly_update_at %>重新编辑
       </span>
       <% } %>
       <span class='sp10'></span>
 
@@ -5,7 +5,7 @@
 		<% if (current_page == 1) { %>
 		<li class='disabled'><a>«</a></li>
 		<% } else { %>
-		<li><a href='<%= base_url %>1'>«</a></li>
+		<li><a href="<%= base_url %>1">«</a></li>
 		<% } %>
 
 		<%
@@ -36,8 +36,8 @@
 		<% } %>
 	</ul>
 </div>
-<script type='text/javascript'>
-	$(document).ready(function(){
+<script>
+	$(document).ready(function () {
 		var $nav = $('.pagination');
 		var current_page = $nav.attr('current_page');	
 		if (current_page) {