in src/assets/js/main.js [660:741]
$.fn.rss_feed = function (options) {
var settings = $.extend(
{
container:
'<a href="" class="cell small-12 large-4 tile illustrated-tile tile-block-link no-img"><div class="block-link"></div></a>',
breakpoint: 'atleast_large',
num: 3,
},
options
);
var $container = this;
function handleFeedXml(doc) {
var $xml = $(doc);
var i = settings.num;
$xml.find('item').each(function () {
if (i--) {
var $this = $(this),
item = {
title: $this.find('title').text(),
description: $this.find('description').text(),
pubDate: $this.find('pubDate').text(),
};
var newDate = new Date(item.pubDate);
var d = newDate.getDate();
var m = newDate.getMonth();
m += 1; // JavaScript months are 0-11
var y = newDate.getFullYear();
var formattedDate = y + '/' + pad(m, 2) + '/' + pad(d, 2);
var $cell = $(settings.container);
var $cell_content = $cell.find('.block-link');
$cell_content
.append($('<h4>').text(item.title))
.append($('<p class="meta-date">').text(formattedDate))
.append(DOMPurify.sanitize(item.description));
var $link = $cell.find('p a:last-child');
var link_label = $link.html();
var link_url = $link.attr('href');
$link.remove();
$cell_content.append(
$(
'<p><span class="block-link-inline">' + link_label + '</span></p>'
)
);
$cell.attr('href', link_url);
$container.append($cell);
} else {
return false;
}
});
$container.slick({
mobileFirst: true,
dots: true,
arrows: false,
centerMode: true,
centerPadding: '16px',
slidesToShow: 1,
responsive: [
{
breakpoint: 640,
settings: 'unslick',
},
],
});
}
// The third parameter (dataType) is set to 'xml' to make sure that the
// response is always a parsed document regardless of the server's MIME
// type. Without this, handleFeedXml could receive a string instead of a
// document (when the server replies with a non-XML MIME type). That would
// result in a XSS vulnerability.
$.get('https://blog.mozilla.org/addons/feed/', handleFeedXml, 'xml');
return this;
};