cadey
/
Shuo
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Prevent link exploit

This commit is contained in:
Mattias Erming 2014-09-15 09:46:46 -07:00
parent 95df0ccec7
commit 0e7d3b93cd
2 changed files with 9 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
client/js/libs.min.js vendored
View File

File diff suppressed because one or more lines are too long

12
client/js/libs/handlebars/uri.js
View File

@ -1,9 +1,10 @@
function escape(text) { function escape(text) {
var e = { var e = {
"<": "&lt;", "<": "&lt;",
">": "&gt;" ">": "&gt;",
"'": "&quot;"
}; };
return text.replace(/[<>]/g, function (c) { return text.replace(/[<>']/g, function (c) {
return e[c]; return e[c];
}); });
} }
@ -18,9 +19,12 @@ Handlebars.registerHelper(
text = escape(text); text = escape(text);
for (var i in urls) { for (var i in urls) {
var url = escape(urls[i]); var url = escape(urls[i]);
var replace = url;
if (url.indexOf("javascript:") !== 0) {
replace = "<a href='" + url.replace(/^www/, "//www") + "' target='_blank'>" + url + "</a>";
}
text = text.replace( text = text.replace(
"$(" + i + ")", "$(" + i + ")", replace
"<a href='" + url.replace(/^www/, "//www") + "' target='_blank'>" + url + "</a>"
); );
} }
return text; return text;