Merge pull request #1 from ParthS007/cleanup

Code cleanup: Fix security vulnerabilities, conflicts and other inconsistencies

static/js/authentication/controllers/logout.controller.js

@@ -15,7 +15,6 @@
      * @namespace LoginController
      */
     function LogoutController($window, $location, $state, $stateParams, $scope, $rootScope, Authentication) {
-        var vm = this;
 
         $rootScope.closeWebSocket();
         Authentication.logout();

static/js/authentication/controllers/register.controller.js

@@ -92,18 +92,6 @@
                     // return deferred.promise;
                 }
 
-                function getResults(address) {
-                    // var deferred = $q.defer();
-                    // if (address) {
-                    //     PlaceService.getPlacePredictions({input: address}, function (data) {
-                    //         deferred.resolve(data);
-                    //     });
-                    // } else {
-                    //     deferred.resolve('');
-                    // }
-                    // return deferred.promise;
-                }
-
                 function getAddress() {
                     // if (self.addressSearchValue !== "" && self.address_text === null) {
                     //     self.autocompleteError = true;

static/js/crowdsource.config.js

@@ -35,12 +35,6 @@
             "A400": "#404893", "A700": "#141a5f"
         });
 
-        var customYellow = $mdThemingProvider.extendPalette('yellow', {
-            "50": "#fffef3", "100": "#fffbdb", "200": "#fff9c4", "300": "#fff6b0",
-            "400": "#fff49c", "500": "#fff288", "600": "#dfd477", "700": "#bfb666",
-            "800": "#9f9755", "900": "#807944", "A100": "#fffbdb", "A200": "#fff9c4",
-            "A400": "#fff49c", "A700": "#bfb666"
-        });
         var customOrange = $mdThemingProvider.extendPalette('orange', {
             "50": "#fffef3", "100": "#fffbdb", "200": "#fff9c4", "300": "#fff6b0",
             "400": "#fff49c", "500": "#EB7F00", "600": "#dfd477", "700": "#bfb666",

static/js/crowdsource.interceptor.js

@@ -15,7 +15,6 @@
     function AuthHttpResponseInterceptor($log, $injector, $q) {
         return {
             responseError: function (rejection) {
-                var $http = $injector.get('$http');
                 var $state = $injector.get('$state');
                 if (rejection.status === 403) {
                     if (rejection.hasOwnProperty('data')

static/js/crowdsource.js

@@ -125,6 +125,6 @@ function run($http, $rootScope, $state, $location, $window, $websocket, $interva
 
     $window.onbeforeunload = function (evt) {
         $rootScope.closeWebSocket();
-    }
+    };
 
 }

static/js/crowdsource.routes.js

@@ -174,11 +174,6 @@
             controllerAs: 'user'
         };
 
-        var requesterProfile = {
-            templateUrl: '/static/templates/requester/home.html',
-            controller: 'RequesterProfileController'
-        };
-
         var paymentCreditCard = {
             controller: 'PaymentController',
             controllerAs: 'payment',

static/js/layout/controllers/home-routing.controller.js

@@ -15,7 +15,6 @@
      * @namespace HomeRoutingController
      */
     function HomeRoutingController($scope, $rootScope, $state, Authentication) {
-        var self = this;
 
         $scope.isLoggedIn = Authentication.isAuthenticated();
         $scope.account = Authentication.getAuthenticatedAccount();

static/js/project/controllers/project-review.controller.js

@@ -88,7 +88,7 @@
                     $mdToast.showSimple('Could not fetch workers to rate.');
                 }
             ).finally(function () {
-                getWorkerDemographics(self.resolvedData.id);
+                getWorkerDemographics();
                 if (self.resolvedData.is_prototype) {
                     getWorkerFeedback();
                 }

static/js/project/controllers/project.controller.js

@@ -462,8 +462,6 @@
 
         var timeouts = {};
 
-        var timeout;
-
         $scope.$watch('project.project', function (newValue, oldValue) {
             if (self.project.status != self.status.STATUS_DRAFT)
                 return;
@@ -1087,7 +1085,6 @@
             if (!validate($event)) return;
 
             self.publishing = true;
-            var publishText = self.resumeButtonText;
             self.resumeButtonText = 'Publishing...';
             Project.publish(self.project.id, {status: self.status.STATUS_IN_PROGRESS}).then(
                 function success(response) {

static/js/task-feed/controllers/task-feed.controller.js

@@ -19,8 +19,6 @@
     function TaskFeedController($window, $state, $scope, $mdToast, TaskFeed,
                                 $filter, Authentication, TaskWorker, Project, $rootScope, $stateParams, $mdMedia) {
 
-        var userAccount = Authentication.getAuthenticatedAccount();
-
         var self = this;
         self.sortBy = '-';
         // $scope.screenIsSmall = $mdMedia('sm');
@@ -148,7 +146,6 @@
                         project.show_preview = true;
                     },
                     function error(errData) {
-                        var err = errData[0];
                         $mdToast.showSimple('Error fetching preview.');
                     }
                 ).finally(function () {

static/js/template/controllers/template.controller.js

@@ -83,7 +83,6 @@
             });
 
             var field = angular.copy(component);
-            var curId = generateId();
 
             field.name = ''; //'item' + curId;
             field.aux_attributes = item.aux_attributes;
@@ -156,7 +155,6 @@
             }
 
             var field = angular.copy(component);
-            var curId = generateId();
             field.name = ''; //'item' + curId;
             field.isNew = true;
 
@@ -198,11 +196,6 @@
         }
 
 
-        function generateId() {
-            return '' + ++idGenIndex;
-        }
-
-
         function replaceAll(find, replace, str) {
             return str.replace(new RegExp(find, 'g'), replace);
         }

static/js/template/directives/template.directive.js

@@ -50,7 +50,7 @@
 
                 function addParam(url, param, value) {
                     var a = document.createElement('a'), regex = /(?:\?|&|&)+([^=]+)(?:=([^&]*))*/gi;
-                    var params = {}, match, str = [];
+                    var match, str = [];
                     a.href = url;
                     while (match = regex.exec(a.search))
                         if (encodeURIComponent(param) != match[1])

static/js/user/controllers/user.controller.js

@@ -297,7 +297,7 @@
                         });
 
                     if (city !== undefined) {
-                        user.location.city = city.long_name
+                        user.location.city = city.long_name;
                     }
 
                     var country = _.find(result.address_components,

static/js/user/services/user.service.js

@@ -13,7 +13,6 @@
 
 
     function User($http, HttpService) {
-        var baseUrl = HttpService.apiPrefix + '/users/';
         return {
             getProfile: getProfile,
             getPublicProfile: getPublicProfile,
@@ -209,10 +208,6 @@
             return HttpService.doRequest(settings);
         }
 
-        function getAccessList(type) {
-
-        }
-
         function isProfileComplete() {
             var settings = {
                 url: '/api/profile/is-complete/',

static/templates/authentication/register.html

@@ -25,7 +25,7 @@ <h3>Sign Up</h3>
     <div layout="row">
         <md-input-container flex="50" class="md-input-has-placeholder">
             <label>Email</label>
-            <input name="email" type="email" required ng-model="register.email" name="email"
+            <input name="email" type="email" required ng-model="register.email"
                    ng-change="form.email.$setValidity('backend', true)">
 
             <div ng-if="form.email.$touched||register.submitted" ng-messages="form.email.$error">

static/templates/authentication/reset-password.html

@@ -1,5 +1,5 @@
 <div  layout="row" flex="50" layout-align="center center" class="_main-content">
-    <md-content class="authentication-form _main-content-body" layout-padding class="md-gray-theme"
+    <md-content class="authentication-form _main-content-body md-gray-theme" layout-padding
                 layout-align="center center" layout="column">
         <h3 id="form-header">Reset Password</h3>
         <form name="form">

static/templates/project/authoring.html

@@ -106,7 +106,7 @@
             <md-list-item class="md-line-2 layout-row layout-align-start-center"
                           ng-repeat="file in project.project.batch_files">
                 <div class="md-list-item-text">
-                    <div><a class="_file-upload" href="{{ file.file }}" target="_blank" download="">{{ file.name }}</a>
+                    <div><a class="_file-upload" ng-href="{{ file.file }}" target="_blank" download="" rel="noopener noreferrer">{{ file.name }}</a>
                         ({{ file.size }}, {{ file.number_of_rows }} rows)
                     </div>
                 </div>
@@ -171,7 +171,7 @@
                     <div ng-if="project.submittedTasksCount > 0" class="_secondary-text">
                         You have tasks that are submitted but not yet approved. We collect funds to cover these
                         unapproved tasks in case they are returned to the marketplace. <a
-                            href="{{ '/project-review/' + project.project.id }}">Approving
+                            ng-href="{{ '/project-review/' + project.project.id }}">Approving
                         submitted work</a> for this project first will save you money.
                     </div>
                     <br/>

static/templates/project/submission-review-tabular.html

@@ -240,8 +240,8 @@
 
                                 <td ng-repeat="item in task.task_template.template.items" ng-if="item.role=='input'">
                                     <div ng-if="item.type=='file_upload'">
-                                        <a href="{{ item.answer.url }}" target="_blank"
-                                           download="">{{ item.answer.name }}</a>
+                                        <a ng-href="{{ item.answer.url }}" target="_blank"
+                                           download="" rel="noopener noreferrer">{{ item.answer.name }}</a>
                                     </div>
                                     <div ng-if="item.type!=='file_upload' && item.type!=='checkbox'">
                                         {{ item.answer }}
@@ -363,8 +363,8 @@
 
                             <td ng-repeat="item in task.task_template.template.items" ng-if="item.role=='input'">
                                 <div ng-if="item.type=='file_upload'">
-                                    <a href="{{ item.answer.url }}" target="_blank"
-                                       download="">{{ item.answer.name }}</a>
+                                    <a ng-href="{{ item.answer.url }}" target="_blank"
+                                       download="" rel="noopener noreferrer">{{ item.answer.name }}</a>
                                 </div>
                                 <div ng-if="item.type!=='file_upload'">
                                     {{ item.answer }}

static/templates/template/components/media.html

@@ -12,5 +12,5 @@
 </iframe>
 <div ng-if="item.type=='iframe'" class="layout-row layout-align-start-center">
     <div><md-icon md-font-set="material-icons md-16" style="min-height: 16px">open_in_new</md-icon></div>
-    <div style="font-size: small;">Open in a  <a target="_blank" href="{{ instance.getTrustedUrl(item.aux_attributes.src) }}">new tab</a></div>
+    <div style="font-size: small;">Open in a  <a target="_blank" ng-href="{{ instance.getTrustedUrl(item.aux_attributes.src) }}" rel="noopener noreferrer">new tab</a></div>
 </div>