_toHtmlEntity 对双引号进行转义

对其他地方中有可能产生XSS的地方进行修补
yfqin
2015-01-20 11:31:17 +08:00
parent ffaaa8c11a
commit 419585ff7d
6 changed files with 6 additions and 6 deletions


@ -477,7 +477,7 @@ Notebook.renderShareNotebooks = function(sharedUserInfos, shareNotebooks) {
userNotebooks.ShareNotebooks = [{NotebookId: "-2", Title: "默认共享"}].concat(userNotebooks.ShareNotebooks)
var username = userInfo.Username || userInfo.Email;
var username = Note._toHtmlEntity(userInfo.Username || userInfo.Email);
var header = tt('<div class="folderNote closed"><div class="folderHeader"><a><h1 title="? 的共享"><i class="fa fa-angle-right"></i>?</h1></a></div>', username, username);
var body = '<ul class="folderBody">';
for(var j in userNotebooks.ShareNotebooks) {
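Review bot: After this change `username` holds HTML-escaped text rather than the raw name, and nothing at the assignment says so; a later use outside an HTML string (a `.text()` call, a comparison, a second `_toHtmlEntity` pass) would show entities or double-escape. I would either rename it to `usernameHtml` or add `// HTML-escaped: goes into the double-quoted title attribute and the <h1> text of header` above the assignment. The attribute case is only safe if `_toHtmlEntity` escapes `"`, which the commit message says this commit adds in a file not shown here. `renderShareNotebooks` continues past the end of the hunk, so I cannot tell whether the notebook `Title` values used in the `for` loop that follows are escaped the same way; that is worth checking in the same pass.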