HGKeeper

39f13816b20a

Now that this all works... remove the hash from the url so it's not visible to others

+6 -0

~~--- a/htdocs/oauth.html Thu May 04 22:00:11 2017 -0500~~

+++ b/htdocs/oauth.html Thu May 04 22:05:47 2017 -0500

@@ -70,9 +70,15 @@

for (var i = 0; i < vars.length; i++) {

var parts = vars[i].split("=");

if(parts[0] == "access_token") {

+ // remove the hash from the url so we don't leak it.

+ window.location.hash = "";

+

+ // update the input box with the access token

var element = $("#access_token");

element.val(parts[1]);

element.select();

+

+ // stop processing

break;

}