cadey
/
Shuo
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Prevent link exploit

This commit is contained in:
Mattias Erming 2014-09-15 09:46:46 -07:00
parent 95df0ccec7
commit 0e7d3b93cd
2 changed files with 9 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
client/js/libs.min.js vendored
View File

File diff suppressed because one or more lines are too long

12
client/js/libs/handlebars/uri.js
View File

@ -1,9 +1,10 @@
function escape(text) {
var e = {
"<": "&lt;",
">": "&gt;"
">": "&gt;",
"'": "&quot;"
};
return text.replace(/[<>]/g, function (c) {
return text.replace(/[<>']/g, function (c) {
return e[c];
});
}
@ -18,9 +19,12 @@ Handlebars.registerHelper(
text = escape(text);
for (var i in urls) {
var url = escape(urls[i]);
var replace = url;
if (url.indexOf("javascript:") !== 0) {
replace = "<a href='" + url.replace(/^www/, "//www") + "' target='_blank'>" + url + "</a>";
}
text = text.replace(
"$(" + i + ")",
"<a href='" + url.replace(/^www/, "//www") + "' target='_blank'>" + url + "</a>"
"$(" + i + ")", replace
);
}
return text;