mirror of
https://github.com/ether/etherpad-lite.git
synced 2025-04-21 16:06:16 -04:00
Create and use the Security module.
Use it to replace code on the client and server side.
This commit is contained in:
Chad Weider
parent
363e168561
commit
e0d23e3c5d
6 changed files with 74 additions and 65 deletions
|
|
@ -26,6 +26,7 @@
|
|||
// requires: plugins
|
||||
// requires: undefined
|
||||
|
||||
var Security = require('/security');
|
||||
var plugins = require('/plugins').plugins;
|
||||
var map = require('/ace2_common').map;
|
||||
|
||||
|
|
@ -103,17 +104,17 @@ domline.createDomLine = function(nonEmpty, doesWrap, optBrowser, optDocument)
|
|||
if (listType)
|
||||
{
|
||||
listType = listType[1];
|
||||
start = start?'start="'+start[1]+'"':'';
|
||||
start = start?'start="'+Security.escapeHTMLAttribute(start[1])+'"':'';
|
||||
if (listType)
|
||||
{
|
||||
if(listType.indexOf("number") < 0)
|
||||
{
|
||||
preHtml = '<ul class="list-' + listType + '"><li>';
|
||||
preHtml = '<ul class="list-' + Security.escapeHTMLAttribute(listType) + '"><li>';
|
||||
postHtml = '</li></ul>';
|
||||
}
|
||||
else
|
||||
{
|
||||
preHtml = '<ol '+start+' class="list-' + listType + '"><li>';
|
||||
preHtml = '<ol '+start+' class="list-' + Security.escapeHTMLAttribute(listType) + '"><li>';
|
||||
postHtml = '</li></ol>';
|
||||
}
|
||||
}
|
||||
|
|
@ -168,7 +169,7 @@ domline.createDomLine = function(nonEmpty, doesWrap, optBrowser, optDocument)
|
|||
{
|
||||
href = "http://"+href;
|
||||
}
|
||||
extraOpenTags = extraOpenTags + '<a href="' + domline.escapeHTML(href) + '">';
|
||||
extraOpenTags = extraOpenTags + '<a href="' + Security.escapeHTMLAttribute(href) + '">';
|
||||
extraCloseTags = '</a>' + extraCloseTags;
|
||||
}
|
||||
if (simpleTags)
|
||||
|
|
@ -178,7 +179,7 @@ domline.createDomLine = function(nonEmpty, doesWrap, optBrowser, optDocument)
|
|||
simpleTags.reverse();
|
||||
extraCloseTags = '</' + simpleTags.join('></') + '>' + extraCloseTags;
|
||||
}
|
||||
html.push('<span class="', cls || '', '">', extraOpenTags, perTextNodeProcess(domline.escapeHTML(txt)), extraCloseTags, '</span>');
|
||||
html.push('<span class="', Security.escapeHTMLAttribute(cls || ''), '">', extraOpenTags, perTextNodeProcess(Security.escapeHTML(txt)), extraCloseTags, '</span>');
|
||||
}
|
||||
};
|
||||
result.clearSpans = function()
|
||||
|
|
@ -224,27 +225,6 @@ domline.createDomLine = function(nonEmpty, doesWrap, optBrowser, optDocument)
|
|||
return result;
|
||||
};
|
||||
|
||||
domline.escapeHTML = function(s)
|
||||
{
|
||||
var re = /[&<>'"]/g;
|
||||
/']/; // stupid indentation thing
|
||||
if (!re.MAP)
|
||||
{
|
||||
// persisted across function calls!
|
||||
re.MAP = {
|
||||
'&': '&',
|
||||
'<': '<',
|
||||
'>': '>',
|
||||
'"': '"',
|
||||
"'": '''
|
||||
};
|
||||
}
|
||||
return s.replace(re, function(c)
|
||||
{
|
||||
return re.MAP[c];
|
||||
});
|
||||
};
|
||||
|
||||
domline.processSpaces = function(s, doesWrap)
|
||||
{
|
||||
if (s.indexOf("<") < 0 && !doesWrap)
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue