xuemingqiang/leanote
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

_toHtmlEntity 对双引号进行转义

Browse Source 
对其他地方中有可能产生XSS的地方进行修补
This commit is contained in:
yfqin
2015-01-20 11:31:17 +08:00
parent ffaaa8c11a
commit 419585ff7d
6 changed files with 6 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
public/js/app/note-min.js vendored
View File

File diff suppressed because one or more lines are too long

2
public/js/app/note.js
View File

@ -776,7 +776,7 @@ Note.renderNotes = function(notes, forNewNote, isShared) {
}
Note._toHtmlEntity = function(html){
return (html + '').replace(/</g, '&lt;').replace(/>/g, '&gt;');
return (html + '').replace(/</g, '&lt;').replace(/>/g, '&gt;').replace(/"/g, '&quot;');
};
Note._renderNotes = function(notes, forNewNote, isShared, tang) { // 第几趟

2
public/js/app/notebook-min.js vendored
View File

File diff suppressed because one or more lines are too long

2
public/js/app/notebook.js
View File

@ -477,7 +477,7 @@ Notebook.renderShareNotebooks = function(sharedUserInfos, shareNotebooks) {
userNotebooks.ShareNotebooks = [{NotebookId: "-2", Title: "默认共享"}].concat(userNotebooks.ShareNotebooks)
var username = userInfo.Username || userInfo.Email;
var username = Note._toHtmlEntity(userInfo.Username || userInfo.Email);
var header = tt('<div class="folderNote closed"><div class="folderHeader"><a><h1 title="? 的共享"><i class="fa fa-angle-right"></i>?</h1></a></div>', username, username);
var body = '<ul class="folderBody">';
for(var j in userNotebooks.ShareNotebooks) {

2
public/js/app/tag-min.js vendored
View File

@ -1 +1 @@
Tag.classes={"蓝色":"label label-blue","红色":"label label-red","绿色":"label label-green","黄色":"label label-yellow",blue:"label label-blue",red:"label label-red",green:"label label-green",yellow:"label label-yellow"};Tag.mapCn2En={"蓝色":"blue","红色":"red","绿色":"green","黄色":"yellow"};Tag.mapEn2Cn={blue:"蓝色",red:"红色",green:"绿色",yellow:"黄色"};Tag.t=$("#tags");Tag.getTags=function(){var tags=[];Tag.t.children().each(function(){var text=$(this).text();text=text.substring(0,text.length-1);text=Tag.mapCn2En[text]||text;tags.push(text)});return tags};Tag.clearTags=function(){Tag.t.html("")};Tag.renderTags=function(tags){Tag.t.html("");if(isEmpty(tags)){return}for(var i=0;i<tags.length;++i){var tag=tags[i];Tag.appendTag(tag)}};function revertTagStatus(){$("#addTagTrigger").show();$("#addTagInput").hide()}function hideTagList(event){$("#tagDropdown").removeClass("open");if(event){event.stopPropagation()}}function showTagList(event){$("#tagDropdown").addClass("open");if(event){event.stopPropagation()}}Tag.renderReadOnlyTags=function(tags){$("#noteReadTags").html("");if(isEmpty(tags)){$("#noteReadTags").html(getMsg("noTag"))}var i=true;function getNextDefaultClasses(){if(i){return"label label-default";i=false}else{i=true;return"label label-info"}}for(var i in tags){var text=tags[i];text=Tag.mapEn2Cn[text]||text;var classes=Tag.classes[text];if(!classes){classes=getNextDefaultClasses()}tag=tt('<span class="?">?</span>',classes,text);$("#noteReadTags").append(tag)}};Tag.appendTag=function(tag){var isColor=false;var classes,text;if(typeof tag=="object"){classes=tag.classes;text=tag.text;if(!text){return}}else{tag=$.trim(tag);text=tag;if(!text){return}var classes=Tag.classes[text];if(classes){isColor=true}else{classes="label label-default"}}if(LEA.locale=="zh"){text=Tag.mapEn2Cn[text]||text}tag=tt('<span class="?">?<i title="'+getMsg("delete")+'">X</i></span>',classes,Note._toHtmlEntity(text));$("#tags").children().each(function(){if(isColor){var tagHtml=$("<div></div>").append($(this).clone()).html();if(tagHtml==tag){$(this).remove()}}else if(text+"X"==$(this).text()){$(this).remove()}});$("#tags").append(tag);hideTagList();if(!isColor){reRenderTags()}};function reRenderTags(){var defautClasses=["label label-default","label label-info"];var i=0;$("#tags").children().each(function(){var thisClasses=$(this).attr("class");if(thisClasses=="label label-default"||thisClasses=="label label-info"){$(this).removeClass(thisClasses).addClass(defautClasses[i%2]);i++}})}Tag.renderTagNav=function(tags){tags=tags||[];for(var i in tags){var tag=tags[i];if(tag=="red"||tag=="blue"||tag=="yellow"||tag=="green"){continue}var text=Note._toHtmlEntity(Tag.mapEn2Cn[tag]||tag);var classes=Tag.classes[tag]||"label label-default";$("#tagNav").append(tt('<li data-tag="?"><a> <span class="?">?</span></li>',text,classes,text))}};$(function(){$("#addTagTrigger").click(function(){$(this).hide();$("#addTagInput").show().focus().val("")});$("#addTagInput").click(function(event){showTagList(event)});$("#addTagInput").blur(function(){var val=$(this).val();if(val){Tag.appendTag(val,true)}return;$("#addTagTrigger").show();$("#addTagInput").hide()});$("#addTagInput").keydown(function(e){if(e.keyCode==13){hideTagList();if($("#addTagInput").val()){$(this).trigger("blur");$("#addTagTrigger").trigger("click")}else{$(this).trigger("blur")}}});$("#tagColor li").click(function(event){var a;if($(this).attr("role")){a=$(this).find("span")}else{a=$(this)}Tag.appendTag({classes:a.attr("class"),text:a.text()})});$("#tags").on("click","i",function(){$(this).parent().remove();reRenderTags()});function searchTag(){var tag=$.trim($(this).data("tag"));Note.curChangedSaveIt();Note.clearAll();$("#tagSearch").html($(this).html()).show();showLoading();ajaxGet("/note/searchNoteByTags",{tags:[tag]},function(notes){hideLoading();if(notes){Note.renderNotes(notes);if(!isEmpty(notes)){Note.changeNote(notes[0].NoteId)}}})}$("#myTag .folderBody").on("click","li",searchTag);$("#minTagNav").on("click","li",searchTag)});
Tag.classes={"蓝色":"label label-blue","红色":"label label-red","绿色":"label label-green","黄色":"label label-yellow",blue:"label label-blue",red:"label label-red",green:"label label-green",yellow:"label label-yellow"};Tag.mapCn2En={"蓝色":"blue","红色":"red","绿色":"green","黄色":"yellow"};Tag.mapEn2Cn={blue:"蓝色",red:"红色",green:"绿色",yellow:"黄色"};Tag.t=$("#tags");Tag.getTags=function(){var tags=[];Tag.t.children().each(function(){var text=$(this).text();text=text.substring(0,text.length-1);text=Tag.mapCn2En[text]||text;tags.push(text)});return tags};Tag.clearTags=function(){Tag.t.html("")};Tag.renderTags=function(tags){Tag.t.html("");if(isEmpty(tags)){return}for(var i=0;i<tags.length;++i){var tag=tags[i];Tag.appendTag(tag)}};function revertTagStatus(){$("#addTagTrigger").show();$("#addTagInput").hide()}function hideTagList(event){$("#tagDropdown").removeClass("open");if(event){event.stopPropagation()}}function showTagList(event){$("#tagDropdown").addClass("open");if(event){event.stopPropagation()}}Tag.renderReadOnlyTags=function(tags){$("#noteReadTags").html("");if(isEmpty(tags)){$("#noteReadTags").html(getMsg("noTag"))}var i=true;function getNextDefaultClasses(){if(i){return"label label-default";i=false}else{i=true;return"label label-info"}}for(var i in tags){var text=tags[i];text=Tag.mapEn2Cn[text]||text;var classes=Tag.classes[text];if(!classes){classes=getNextDefaultClasses()}tag=tt('<span class="?">?</span>',classes,Note._toHtmlEntity(text));$("#noteReadTags").append(tag)}};Tag.appendTag=function(tag){var isColor=false;var classes,text;if(typeof tag=="object"){classes=tag.classes;text=tag.text;if(!text){return}}else{tag=$.trim(tag);text=tag;if(!text){return}var classes=Tag.classes[text];if(classes){isColor=true}else{classes="label label-default"}}if(LEA.locale=="zh"){text=Tag.mapEn2Cn[text]||text}tag=tt('<span class="?">?<i title="'+getMsg("delete")+'">X</i></span>',classes,Note._toHtmlEntity(text));$("#tags").children().each(function(){if(isColor){var tagHtml=$("<div></div>").append($(this).clone()).html();if(tagHtml==tag){$(this).remove()}}else if(text+"X"==$(this).text()){$(this).remove()}});$("#tags").append(tag);hideTagList();if(!isColor){reRenderTags()}};function reRenderTags(){var defautClasses=["label label-default","label label-info"];var i=0;$("#tags").children().each(function(){var thisClasses=$(this).attr("class");if(thisClasses=="label label-default"||thisClasses=="label label-info"){$(this).removeClass(thisClasses).addClass(defautClasses[i%2]);i++}})}Tag.renderTagNav=function(tags){tags=tags||[];for(var i in tags){var tag=tags[i];if(tag=="red"||tag=="blue"||tag=="yellow"||tag=="green"){continue}var text=Note._toHtmlEntity(Tag.mapEn2Cn[tag]||tag);var classes=Tag.classes[tag]||"label label-default";$("#tagNav").append(tt('<li data-tag="?"><a> <span class="?">?</span></li>',text,classes,text))}};$(function(){$("#addTagTrigger").click(function(){$(this).hide();$("#addTagInput").show().focus().val("")});$("#addTagInput").click(function(event){showTagList(event)});$("#addTagInput").blur(function(){var val=$(this).val();if(val){Tag.appendTag(val,true)}return;$("#addTagTrigger").show();$("#addTagInput").hide()});$("#addTagInput").keydown(function(e){if(e.keyCode==13){hideTagList();if($("#addTagInput").val()){$(this).trigger("blur");$("#addTagTrigger").trigger("click")}else{$(this).trigger("blur")}}});$("#tagColor li").click(function(event){var a;if($(this).attr("role")){a=$(this).find("span")}else{a=$(this)}Tag.appendTag({classes:a.attr("class"),text:a.text()})});$("#tags").on("click","i",function(){$(this).parent().remove();reRenderTags()});function searchTag(){var tag=$.trim($(this).data("tag"));Note.curChangedSaveIt();Note.clearAll();$("#tagSearch").html($(this).html()).show();showLoading();ajaxGet("/note/searchNoteByTags",{tags:[tag]},function(notes){hideLoading();if(notes){Note.renderNotes(notes);if(!isEmpty(notes)){Note.changeNote(notes[0].NoteId)}}})}$("#myTag .folderBody").on("click","li",searchTag);$("#minTagNav").on("click","li",searchTag)});

2
public/js/app/tag.js
View File

@ -108,7 +108,7 @@ Tag.renderReadOnlyTags = function(tags) {
if(!classes) {
classes = getNextDefaultClasses();
}
tag = tt('<span class="?">?</span>', classes, text);
tag = tt('<span class="?">?</span>', classes, Note._toHtmlEntity(text));
$("#noteReadTags").append(tag);
}