author | moisseev <moiseev@mezonplus.ru> | 2020-10-17 21:40:58 +0300 |
---|---|---|
committer | moisseev <moiseev@mezonplus.ru> | 2020-10-17 21:40:58 +0300 |
commit | 4d726d25c5d955f52d2c18464c61295d70d91e20 (patch) | |
tree | 3168eed1522a3180f18b03e100f90a1586ed80c4 /interface/js | |
parent | 32ee6bdf5abf1e3e5b9594783d93522b01faf3e2 (diff) | |
download | rspamd-4d726d25c5d955f52d2c18464c61295d70d91e20.tar.gz rspamd-4d726d25c5d955f52d2c18464c61295d70d91e20.zip |
[WebUI] Escape reserved HTML characters in editor
Issue: #3522
Diffstat (limited to 'interface/js')
-rw-r--r-- | interface/js/app/config.js | 2 | ||||
-rw-r--r-- | interface/js/app/rspamd.js | 41 |
2 files changed, 22 insertions, 21 deletions
diff --git a/interface/js/app/config.js b/interface/js/app/config.js
index 082806088..101935c35 100644
--- a/interface/js/app/config.js
+++ b/interface/js/app/config.js
@@ -170,7 +170,7 @@ define(["jquery", "codejar", "linenumbers", "prism"],
 success: function (data) {
 var readonly = "";
 var icon = "fa-edit";
- var text = data[0].data;
+ var text = rspamd.escapeHTML(data[0].data);
 if (item.editable === false || rspamd.read_only) {
 readonly = " readonly";
 icon = "fa-eye";
diff --git a/interface/js/app/rspamd.js b/interface/js/app/rspamd.js
index c3356c7e4..360ba603e 100644
--- a/interface/js/app/rspamd.js
+++ b/interface/js/app/rspamd.js
@@ -805,25 +805,26 @@ function ($, D3pie, visibility, NProgress, stickyTabs, tab_stat, tab_graph, tab_
 });
 };
 
+ ui.escapeHTML = function (string) {
+ var htmlEscaper = /[&<>"'/`=]/g;
+ var htmlEscapes = {
+ "&": "&",
+ "<": "<",
+ ">": ">",
+ "\"": """,
+ "'": "'",
+ "/": "/",
+ "`": "`",
+ "=": "="
+ };
+ return String(string).replace(htmlEscaper, function (match) {
+ return htmlEscapes[match];
+ });
+ };
+
 ui.preprocess_item = function (rspamd, item) {
- function escapeHTML(string) {
- var htmlEscaper = /[&<>"'/`=]/g;
- var htmlEscapes = {
- "&": "&",
- "<": "<",
- ">": ">",
- "\"": """,
- "'": "'",
- "/": "/",
- "`": "`",
- "=": "="
- };
- return String(string).replace(htmlEscaper, function (match) {
- return htmlEscapes[match];
- });
- }
 function escape_HTML_array(arr) {
- arr.forEach(function (d, i) { arr[i] = escapeHTML(d); });
+ arr.forEach(function (d, i) { arr[i] = ui.escapeHTML(d); });
 }
 
 for (var prop in item) {
@@ -839,9 +840,9 @@ function ($, D3pie, visibility, NProgress, stickyTabs, tab_stat, tab_graph, tab_ if (!sym.name) { sym.name = key; } - sym.name = escapeHTML(sym.name); + sym.name = ui.escapeHTML(sym.name); if (sym.description) { - sym.description = escapeHTML(sym.description); + sym.description = ui.escapeHTML(sym.description); } if (sym.options) { 
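Review bot: Escaping at `var text = rspamd.escapeHTML(data[0].data);` is only correct if `text` is subsequently inserted into the editor as markup (innerHTML or an HTML template); if it is assigned as plain text (textContent or an input value), the entity references would be displayed literally and, on save, written back into the configuration. The success callback continues outside the hunk, so confirm where `text` ends up and that the save path reads the decoded editor text rather than the escaped string. A short comment at the assignment, e.g. `// escaped: text is inserted into the editor as HTML, not as textContent`, would record that contract for the next reader. This hunk also makes config.js depend on the `escapeHTML` export introduced in the rspamd.js hunk, so the two changes must ship together.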
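Review bot: `ui.escapeHTML` becomes part of the module's exported surface in this hunk but carries no doc comment; a JSDoc describing the contract — that it coerces the argument with `String()` and replaces the characters matched by `htmlEscaper` (& < > " ' / = and backtick) with their HTML entity references, returning the escaped string — would help callers in other files such as config.js. As reproduced on this page the `htmlEscapes` values appear identical to their keys (`"&": "&"`), which would make the function a no-op; this is most likely the page viewer decoding the entity references rather than the committed source, but it is worth confirming the map really emits entities. Note also that `String(string)` turns `null` and `undefined` into the literal strings "null" and "undefined"; if any caller can pass those, a guard such as `if (string == null) return "";` may be wanted.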
@@ -851,7 +852,7 @@ function ($, D3pie, visibility, NProgress, stickyTabs, tab_stat, tab_graph, tab_
 break;
 default:
 if (typeof item[prop] === "string") {
- item[prop] = escapeHTML(item[prop]);
+ item[prop] = ui.escapeHTML(item[prop]);
 }
 }
 } |