mirror of
https://github.com/ether/etherpad-lite.git
synced 2025-04-20 15:36:16 -04:00
Create and use the Security module.
Use it to replace code on the client and server side.
This commit is contained in:
Chad Weider
parent
363e168561
commit
e0d23e3c5d
6 changed files with 74 additions and 65 deletions
|
|
@ -20,6 +20,8 @@
|
|||
* limitations under the License.
|
||||
*/
|
||||
|
||||
var Security = require('/security');
|
||||
|
||||
/**
|
||||
* Generates a random String with the given length. Is needed to generate the Author, Group, readonly, session Ids
|
||||
*/
|
||||
|
|
@ -69,14 +71,7 @@ function readCookie(name)
|
|||
var padutils = {
|
||||
escapeHtml: function(x)
|
||||
{
|
||||
return String(x).replace(/[&"<>]/g, function (c) {
|
||||
return {
|
||||
'&': '&',
|
||||
'"': '"',
|
||||
'<': '<',
|
||||
'>': '>'
|
||||
}[c] || c;
|
||||
});
|
||||
return Security.escapeHTML(String(x));
|
||||
},
|
||||
uniqueId: function()
|
||||
{
|
||||
|
|
@ -205,7 +200,7 @@ var padutils = {
|
|||
{
|
||||
if (i > idx)
|
||||
{
|
||||
pieces.push(padutils.escapeHtml(text.substring(idx, i)));
|
||||
pieces.push(Security.escapeHTML(text.substring(idx, i)));
|
||||
idx = i;
|
||||
}
|
||||
}
|
||||
|
|
@ -216,7 +211,7 @@ var padutils = {
|
|||
var startIndex = urls[j][0];
|
||||
var href = urls[j][1];
|
||||
advanceTo(startIndex);
|
||||
pieces.push('<a ', (target ? 'target="' + target + '" ' : ''), 'href="', padutils.escapeHtml(href), '">');
|
||||
pieces.push('<a ', (target ? 'target="' + Security.escapeHTMLAttribute(target) + '" ' : ''), 'href="', Security.escapeHTMLAttribute(href), '">');
|
||||
advanceTo(startIndex + href.length);
|
||||
pieces.push('</a>');
|
||||
}
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue