From: Golnaz Nilieh Date: Fri, 19 Aug 2011 11:48:08 +0000 (+0430) Subject: * Use encodeEntities() function to check input X-Git-Tag: v3.0~267^2~76 X-Git-Url: https://source.dussan.org/?a=commitdiff_plain;h=5d310ebf921df64d67cd5ea7fc5705dff20890f8;p=nextcloud-server.git * Use encodeEntities() function to check input * Separate tags by space --- diff --git a/apps/bookmarks/js/bookmarks.js b/apps/bookmarks/js/bookmarks.js index c974f40ea4c..04db8b42a79 100644 --- a/apps/bookmarks/js/bookmarks.js +++ b/apps/bookmarks/js/bookmarks.js @@ -20,7 +20,7 @@ function getBookmarks() { } $.ajax({ url: 'ajax/updateList.php', - data: "tag=" + encodeURI($('#bookmarkFilterTag').val()) + "&page=" + bookmarks_page, + data: 'tag=' + encodeURI($('#bookmarkFilterTag').val()) + '&page=' + bookmarks_page, success: function(bookmarks){ bookmarks_page += 1; $('.bookmark_link').unbind('click', recordClick); @@ -37,24 +37,29 @@ function getBookmarks() { } function addBookmark(event) { - var url = $('#bookmark_add_url').val() - var title = $('#bookmark_add_title').val() - var description = $('#bookmark_add_description').val() - var tags = $('#bookmark_add_tags').val() + var url = encodeEntities($('#bookmark_add_url').val()) + var title = encodeEntities($('#bookmark_add_title').val()) + var description = encodeEntities($('#bookmark_add_description').val()) + var tags = encodeEntities($('#bookmark_add_tags').val()) + var taglist = tags.split(' ') + var tagshtml = ''; + for ( var i=0, len=taglist.length; i' + taglist[i] + ' '; + } $.ajax({ url: 'ajax/addBookmark.php', - data: "url=" + encodeURI(url) + "&title=" + encodeURI(title) + "&description=" + encodeURI(description) + "&tags=" + encodeURI(tags), + data: 'url=' + encodeURI(url) + '&title=' + encodeURI(title) + '&description=' + encodeURI(description) + '&tags=' + encodeURI(tags), success: function(data){ $('.bookmarks_add').slideToggle(); $('.bookmarks_add').children('p').children('.bookmarks_input').val(''); $('.bookmarks_list').prepend( - "
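Review bot: encodeURI() on the new `data:` line leaves `&`, `=`, `+` and `#` unescaped, so a tag filter containing any of them is split into extra parameters or truncated before it reaches updateList.php; encodeURIComponent() is the call meant for a single query value: `data: 'tag=' + encodeURIComponent($('#bookmarkFilterTag').val()) + '&page=' + bookmarks_page,`. The same encodeURI() usage recurs on the `data:` lines in the addBookmark, delBookmark and recordClick hunks below and should be changed alongside. getBookmarks' body begins outside the hunk.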
" + - "

" + title + "

" + - "

" + url + "

" + - "

" + description + "

" + - "

" + tags + "

" + - "

Delete

" + - "
" + '
' + + '

' + title + '

' + + '

' + url + '

' + + '

' + description + '

' + + '

' + tagshtml + '

' + + '

Delete

' + + '
' ); } }); @@ -64,25 +69,25 @@ function delBookmark(event) { var record = $(this).parent().parent() $.ajax({ url: 'ajax/delBookmark.php', - data: "url=" + encodeURI($(this).parent().parent().children('.bookmark_url:first').text()), - success: function(data){ record.animate({ opacity: "hide" }, "fast"); } + data: 'url=' + encodeURI($(this).parent().parent().children('.bookmark_url:first').text()), + success: function(data){ record.animate({ opacity: 'hide' }, 'fast'); } }); } function updateBookmarksList(bookmark) { - var tags = encodeEntities(bookmark.tags).split(" "); - var taglist = ""; + var tags = encodeEntities(bookmark.tags).split(' '); + var taglist = ''; for ( var i=0, len=tags.length; i" + tags[i] + " "; + taglist = taglist + '' + tags[i] + ' '; } $('.bookmarks_list').append( - "
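Review bot: encodeEntities() is now applied to url, title, description and tags before they are posted to addBookmark.php, so the server receives HTML-entity-encoded text instead of the user's input, and since updateBookmarksList() in the following hunk escapes server-returned fields again at render time, those values would be escaped twice on the next page load (an `&` rendered as `&amp;`). The `&` inside an `&amp;` produced by encodeEntities() is also left alone by encodeURI(), so any escaped character splits the query string; encodeURIComponent() avoids that. Escaping belongs at the point where the strings are inserted into the prepended markup, with the raw values kept for the request, as sketched below. The per-tag loop line is not legible on this page; if taglist[i] ends up inside an href attribute, note that encodeEntities() built on jQuery's .text().html() does not escape quotes, so that insertion would need its own attribute-safe encoding. addBookmark's closing brace lies outside the hunk.
```javascript
function addBookmark(event) {
  // Raw values go to the server; escape copies only for the local preview.
  var url = $('#bookmark_add_url').val();
  var title = $('#bookmark_add_title').val();
  var description = $('#bookmark_add_description').val();
  var tags = $('#bookmark_add_tags').val();
  var taglist = encodeEntities(tags).split(' ');
  var tagshtml = '';
  // … unchanged: per-tag anchor loop building tagshtml …
  $.ajax({
    url: 'ajax/addBookmark.php',
    data: 'url=' + encodeURIComponent(url) + '&title=' + encodeURIComponent(title) + '&description=' + encodeURIComponent(description) + '&tags=' + encodeURIComponent(tags),
    success: function(data){
      // … unchanged: slideToggle and clearing of .bookmarks_input …
      // In the prepended markup use encodeEntities(title), encodeEntities(url),
      // encodeEntities(description) and tagshtml in place of the raw variables.
```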
" + - "

" + encodeEntities(bookmark.title) + "

" + - "

" + encodeEntities(bookmark.url) + "

" + - "

" + encodeEntities(bookmark.description) + "

" + - "

" + taglist + "

" + - "

Delete

" + - "
" + '
' + + '

' + encodeEntities(bookmark.title) + '

' + + '

' + encodeEntities(bookmark.url) + '

' + + '

' + encodeEntities(bookmark.description) + '

' + + '

' + taglist + '

' + + '

Delete

' + + '
' ); } @@ -96,13 +101,13 @@ function updateOnBottom() { function recordClick(event) { $.ajax({ url: 'ajax/recordClick.php', - data: "url=" + encodeURI($(this).attr('href')), + data: 'url=' + encodeURI($(this).attr('href')), }); } function encodeEntities(s){ try { - return $("
").text(s).html(); + return $('
').text(s).html(); } catch (ex) { return ""; diff --git a/apps/bookmarks/templates/list.php b/apps/bookmarks/templates/list.php index 9a2226dbd9f..769ad815244 100644 --- a/apps/bookmarks/templates/list.php +++ b/apps/bookmarks/templates/list.php @@ -8,6 +8,7 @@

+