* Use encodeEntities() function to check input
authorGolnaz Nilieh <g382nilieh@gmail.com>
Fri, 19 Aug 2011 11:48:08 +0000 (16:18 +0430)
committerGolnaz Nilieh <g382nilieh@gmail.com>
Fri, 19 Aug 2011 11:48:08 +0000 (16:18 +0430)
* Separate tags by space

apps/bookmarks/js/bookmarks.js
apps/bookmarks/templates/list.php

index c974f40ea4c793730abeb98cf21532c2e8ff31ee..04db8b42a79394617a6cf84fa71cb8035574a797 100644 (file)
@@ -20,7 +20,7 @@ function getBookmarks() {
        }
        $.ajax({
                url: 'ajax/updateList.php',
-               data: "tag=" + encodeURI($('#bookmarkFilterTag').val()) + "&page=" + bookmarks_page,
+               data: 'tag=' + encodeURI($('#bookmarkFilterTag').val()) + '&page=' + bookmarks_page,
                success: function(bookmarks){
                        bookmarks_page += 1;
                        $('.bookmark_link').unbind('click', recordClick);
@@ -37,24 +37,29 @@ function getBookmarks() {
 }
 
 function addBookmark(event) {
-       var url = $('#bookmark_add_url').val()
-       var title = $('#bookmark_add_title').val()
-       var description = $('#bookmark_add_description').val()
-       var tags = $('#bookmark_add_tags').val()
+       var url = encodeEntities($('#bookmark_add_url').val())
+       var title = encodeEntities($('#bookmark_add_title').val())
+       var description = encodeEntities($('#bookmark_add_description').val())
+       var tags = encodeEntities($('#bookmark_add_tags').val())
+       var taglist = tags.split(' ')
+       var tagshtml = '';
+       for ( var i=0, len=taglist.length; i<len; ++i ){
+               tagshtml += '<a class="bookmark_tags" href="?tag=' + encodeURI(taglist[i]) + '">' + taglist[i] + '</a> ';
+       }
        $.ajax({
                url: 'ajax/addBookmark.php',
-               data: "url=" + encodeURI(url) + "&title=" + encodeURI(title) + "&description=" + encodeURI(description) + "&tags=" + encodeURI(tags),
+               data: 'url=' + encodeURI(url) + '&title=' + encodeURI(title) + '&description=' + encodeURI(description) + '&tags=' + encodeURI(tags),
                success: function(data){ 
                        $('.bookmarks_add').slideToggle(); 
                        $('.bookmarks_add').children('p').children('.bookmarks_input').val(''); 
                        $('.bookmarks_list').prepend(
-                       "<div class=\"bookmark_single\">" +
-                               "<p class=\"bookmark_title\"><a href=\"" + url + "\" target=\"_new\" class=\"bookmark_link\">" + title + "</a></p>" +
-                               "<p class=\"bookmark_url\">" + url + "</p>" +
-                               "<p class=\"bookmark_description\">" + description + "</p>" +
-                               "<p>" + tags + "</p>" +
-                               "<p class=\"bookmark_actions\"><span class=\"bookmark_delete\">Delete</span></p>" +
-                       "</div>"
+                       '<div class="bookmark_single">' +
+                               '<p class="bookmark_title"><a href="' + url + '" target="_new" class="bookmark_link">' + title + '</a></p>' +
+                               '<p class="bookmark_url">' + url + '</p>' +
+                               '<p class="bookmark_description">' + description + '</p>' +
+                               '<p>' + tagshtml + '</p>' +
+                               '<p class="bookmark_actions"><span class="bookmark_delete">Delete</span></p>' +
+                       '</div>'
                        );
                }
        });
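Review bot: Entity-encoding the four fields at the top of addBookmark means the encoded strings are also what `$.ajax` sends to `ajax/addBookmark.php`, and since `encodeURI` leaves `&`, `;`, `=` and `#` unescaped, an `&amp;` or `&lt;` produced by encodeEntities splits the hand-built `data` string into extra parameters. updateBookmarksList encodes `bookmark.*` again on display, so values stored in this form would presumably render double-encoded after a reload. I would keep the raw values for the request, pass `data` as an object so jQuery percent-encodes each value, and call encodeEntities only where a string is concatenated into markup, with `encodeURIComponent` for the `?tag=` link. The `encodeURI`-on-a-query-value pattern is also in getBookmarks, delBookmark and recordClick in the other hunks. addBookmark's closing lines fall outside this hunk.

```javascript
function addBookmark(event) {
	// Raw field values: these are what the server should receive.
	var url = $('#bookmark_add_url').val();
	var title = $('#bookmark_add_title').val();
	var description = $('#bookmark_add_description').val();
	var tags = $('#bookmark_add_tags').val();
	// … unchanged: taglist split, tagshtml initialisation and loop header …
		tagshtml += '<a class="bookmark_tags" href="?tag=' + encodeURIComponent(taglist[i]) + '">' + encodeEntities(taglist[i]) + '</a> ';
	// … unchanged: end of loop, $.ajax({ url: 'ajax/addBookmark.php', …
		// An object is serialised by jQuery with each value percent-encoded.
		data: { url: url, title: title, description: description, tags: tags },
	// … unchanged: success handler, form reset, start of the prepend() markup …
				'<p class="bookmark_title"><a href="' + encodeEntities(url) + '" target="_new" class="bookmark_link">' + encodeEntities(title) + '</a></p>' +
				'<p class="bookmark_url">' + encodeEntities(url) + '</p>' +
				'<p class="bookmark_description">' + encodeEntities(description) + '</p>' +
	// … unchanged: tags and actions rows, closing of prepend() and $.ajax() …
```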
@@ -64,25 +69,25 @@ function delBookmark(event) {
        var record = $(this).parent().parent()
        $.ajax({
                url: 'ajax/delBookmark.php',
-               data: "url=" + encodeURI($(this).parent().parent().children('.bookmark_url:first').text()),
-               success: function(data){ record.animate({ opacity: "hide" }, "fast"); }
+               data: 'url=' + encodeURI($(this).parent().parent().children('.bookmark_url:first').text()),
+               success: function(data){ record.animate({ opacity: 'hide' }, 'fast'); }
        });
 }
 
 function updateBookmarksList(bookmark) {
-       var tags = encodeEntities(bookmark.tags).split(" ");
-       var taglist = "";
+       var tags = encodeEntities(bookmark.tags).split(' ');
+       var taglist = '';
        for ( var i=0, len=tags.length; i<len; ++i ){
-               taglist = taglist + "<a class=\"bookmark_tags\" href=\"?tag=" + encodeURI(tags[i]) + "\">" + tags[i] + "</a> ";
+               taglist = taglist + '<a class="bookmark_tags" href="?tag=' + encodeURI(tags[i]) + '">' + tags[i] + '</a> ';
        }
        $('.bookmarks_list').append(
-               "<div class=\"bookmark_single\">" +
-                       "<p class=\"bookmark_title\"><a href=\"" + encodeEntities(bookmark.url) + "\" target=\"_new\" class=\"bookmark_link\">" + encodeEntities(bookmark.title) + "</a></p>" +
-                       "<p class=\"bookmark_url\">" + encodeEntities(bookmark.url) + "</p>" +
-                       "<p class=\"bookmark_description\">" + encodeEntities(bookmark.description) + "</p>" +
-                       "<p>" + taglist + "</p>" +
-                       "<p class=\"bookmark_actions\"><span class=\"bookmark_delete\">Delete</span></p>" +
-               "</div>"
+               '<div class="bookmark_single">' +
+                       '<p class="bookmark_title"><a href="' + encodeEntities(bookmark.url) + '" target="_new" class="bookmark_link">' + encodeEntities(bookmark.title) + '</a></p>' +
+                       '<p class="bookmark_url">' + encodeEntities(bookmark.url) + '</p>' +
+                       '<p class="bookmark_description">' + encodeEntities(bookmark.description) + '</p>' +
+                       '<p>' + taglist + '</p>' +
+                       '<p class="bookmark_actions"><span class="bookmark_delete">Delete</span></p>' +
+               '</div>'
        );
 }
 
@@ -96,13 +101,13 @@ function updateOnBottom() {
 function recordClick(event) {
        $.ajax({
                url: 'ajax/recordClick.php',
-               data: "url=" + encodeURI($(this).attr('href')),
+               data: 'url=' + encodeURI($(this).attr('href')),
        });     
 }
 
 function encodeEntities(s){
        try {
-               return $("<div/>").text(s).html();
+               return $('<div/>').text(s).html();
                
        } catch (ex) {
                return "";
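Review bot: encodeEntities is only safe for element content, because serialising a text node through `.text(s).html()` escapes `&`, `<` and `>` but leaves `"` and `'` intact, while its output is concatenated into a double-quoted `href` in addBookmark and updateBookmarksList. A value containing a double quote can therefore end the attribute early and introduce attributes of its own. Either escape quotes here as well, `return $('<div/>').text(s).html().replace(/"/g, '&quot;').replace(/'/g, '&#39;');`, or build the link with `$('<a/>').attr('href', url).text(title)`; in both cases the URL scheme should be restricted to http/https before it becomes an `href`. The function body continues past the end of this hunk.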
index 9a2226dbd9fc2bb5e12d5788be50229e399d0bd5..769ad815244557f450568f3adc9854fdcbfe9f9d 100644 (file)
@@ -8,6 +8,7 @@
        <p><label class="bookmarks_label">Title</label><input type="text" id="bookmark_add_title" class="bookmarks_input" /></p>
        <p><label class="bookmarks_label">Description</label><input type="text" id="bookmark_add_description" class="bookmarks_input" /></p>
        <p><label class="bookmarks_label">Tags</label><input type="text" id="bookmark_add_tags" class="bookmarks_input" /></p>
+       <p><label class="bookmarks_label"> </label><label class="bookmarks_hint">Hint: Use space to separate tags.</label></p>
        <p><label class="bookmarks_label"></label><input type="submit" id="bookmark_add_submit" /></p>
 </div>
 <div class="bookmarks_list">