Create and use the Security module.
Use it to replace code on the client and server side.
This commit is contained in:
parent
363e168561
commit
e0d23e3c5d
6 changed files with 74 additions and 65 deletions
|
@ -19,6 +19,7 @@ var async = require("async");
|
|||
var Changeset = CommonCode.require("/Changeset");
|
||||
var padManager = require("../db/PadManager");
|
||||
var ERR = require("async-stacktrace");
|
||||
var Security = CommonCode.require('/security');
|
||||
|
||||
function getPadPlainText(pad, revNum)
|
||||
{
|
||||
|
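Review bot: The new require uses single quotes (`CommonCode.require('/security')`) while the neighbouring `CommonCode.require("/Changeset")` and the other `require` lines in this hunk use double quotes; `var Security = CommonCode.require("/security");` would keep the file consistent. The lowercase module path also differs from the `/Changeset` sibling; that looks intentional given the `security.js` entries added to the file lists later in this commit, so only the quoting is worth changing.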
@ -270,7 +271,7 @@ function getHTMLFromAtext(pad, atext)
|
|||
//from but they break the abiword parser and are completly useless
|
||||
s = s.replace(String.fromCharCode(12), "");
|
||||
|
||||
assem.append(_escapeHTML(s));
|
||||
assem.append(_encodeWhitespace(Security.escapeHTML(s)));
|
||||
} // end iteration over spans in line
|
||||
|
||||
var tags2close = [];
|
||||
|
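Review bot: The helper this line replaces escaped `"` in addition to `&`, `<` and `>` (its regex, visible in the deletion hunk below, was `/[&"<>]/g`), and the page does not show what `Security.escapeHTML` covers; quotes are not needed for text between tags, but the module should be checked to escape at least `&`, `<` and `>`, since this becomes the only escaping on the export path. The call order is right: `_encodeWhitespace` runs after escaping, and the `&#NNN;` references it emits are printable ASCII, so they are not re-encoded. A comment on the new line would record that: `// escape markup first, then entity-encode non-printable/non-ASCII chars; this order avoids double-encoding`. `_encodeWhitespace` actually leaves whitespace alone and encodes everything else outside printable ASCII, so its name is misleading, but that predates this commit.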
@ -293,7 +294,7 @@ function getHTMLFromAtext(pad, atext)
|
|||
var url = urlData[1];
|
||||
var urlLength = url.length;
|
||||
processNextChars(startIndex - idx);
|
||||
assem.append('<a href="' + _escapeHTML(url) + '">');
|
||||
assem.append('<a href="' + Security.escapeHTMLAttribute(url) + '">');
|
||||
processNextChars(urlLength);
|
||||
assem.append('</a>');
|
||||
});
|
||||
|
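Review bot: `Security.escapeHTMLAttribute(url)` keeps `url` from breaking out of the `href="…"` attribute, but attribute escaping does not constrain the URL's scheme; whether `urlData[1]` can only hold web links depends on the regex that produces `urlData`, which is outside this hunk. If that regex is permissive, the export should validate the scheme before emitting the anchor, which would be a separate change from this one. A short comment on the new line would make the assumption visible: `// attribute-escaped; the allowed schemes are constrained by the URL regex above`. The enclosing getHTMLFromAtext continues outside the hunk.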
@ -494,25 +495,7 @@ exports.getPadHTMLDocument = function (padId, revNum, noDocType, callback)
|
|||
});
|
||||
}
|
||||
|
||||
function _escapeHTML(s)
|
||||
{
|
||||
var re = /[&"<>]/g;
|
||||
if (!re.MAP)
|
||||
{
|
||||
// persisted across function calls!
|
||||
re.MAP = {
|
||||
'&': '&',
|
||||
'"': '"',
|
||||
'<': '<',
|
||||
'>': '>'
|
||||
};
|
||||
}
|
||||
|
||||
s = s.replace(re, function (c)
|
||||
{
|
||||
return re.MAP[c];
|
||||
});
|
||||
|
||||
function _encodeWhitespace(s) {
|
||||
return s.replace(/[^\x21-\x7E\s\t\n\r]/g, function(c)
|
||||
{
|
||||
return "&#" +c.charCodeAt(0) + ";"
|
||||
|
|
|
@ -1,6 +1,7 @@
|
|||
{
|
||||
"pad.js": [
|
||||
"jquery.js"
|
||||
, "security.js"
|
||||
, "pad.js"
|
||||
, "ace2_common.js"
|
||||
, "pad_utils.js"
|
||||
|
@ -25,6 +26,7 @@
|
|||
]
|
||||
, "timeslider.js": [
|
||||
"jquery.js"
|
||||
, "security.js"
|
||||
, "plugins.js"
|
||||
, "undo-xpopup.js"
|
||||
, "json2.js"
|
||||
|
@ -53,6 +55,7 @@
|
|||
"ace2_common.js"
|
||||
, "AttributePoolFactory.js"
|
||||
, "Changeset.js"
|
||||
, "security.js"
|
||||
, "skiplist.js"
|
||||
, "virtual_lines.js"
|
||||
, "cssmanager.js"
|
||||
|
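Review bot: `security.js` is placed directly after `jquery.js` in the `pad.js` and `timeslider.js` lists of the earlier hunks but after `Changeset.js` in this third list; if these lists define bundle load order, it should be confirmed that nothing in `ace2_common.js`, `AttributePoolFactory.js` or `Changeset.js` depends on the `Security` module being loaded first. Placing it in the same position in all three lists would remove the question.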
|