aboutsummaryrefslogtreecommitdiffstats
path: root/interface/js
diff options
context:
space:
mode:
authormoisseev <moiseev@mezonplus.ru>2020-10-17 21:40:58 +0300
committermoisseev <moiseev@mezonplus.ru>2020-10-17 21:40:58 +0300
commit4d726d25c5d955f52d2c18464c61295d70d91e20 (patch)
tree3168eed1522a3180f18b03e100f90a1586ed80c4 /interface/js
parent32ee6bdf5abf1e3e5b9594783d93522b01faf3e2 (diff)
downloadrspamd-4d726d25c5d955f52d2c18464c61295d70d91e20.tar.gz
rspamd-4d726d25c5d955f52d2c18464c61295d70d91e20.zip
[WebUI] Escape reserved HTML characters in editor
Issue: #3522
Diffstat (limited to 'interface/js')
-rw-r--r--interface/js/app/config.js2
-rw-r--r--interface/js/app/rspamd.js41
2 files changed, 22 insertions, 21 deletions
diff --git a/interface/js/app/config.js b/interface/js/app/config.js
index 082806088..101935c35 100644
--- a/interface/js/app/config.js
+++ b/interface/js/app/config.js
@@ -170,7 +170,7 @@ define(["jquery", "codejar", "linenumbers", "prism"],
success: function (data) {
var readonly = "";
var icon = "fa-edit";
- var text = data[0].data;
+ var text = rspamd.escapeHTML(data[0].data);
if (item.editable === false || rspamd.read_only) {
readonly = " readonly";
icon = "fa-eye";
diff --git a/interface/js/app/rspamd.js b/interface/js/app/rspamd.js
index c3356c7e4..360ba603e 100644
--- a/interface/js/app/rspamd.js
+++ b/interface/js/app/rspamd.js
@@ -805,25 +805,26 @@ function ($, D3pie, visibility, NProgress, stickyTabs, tab_stat, tab_graph, tab_
});
};
+ ui.escapeHTML = function (string) {
+ var htmlEscaper = /[&<>"'/`=]/g;
+ var htmlEscapes = {
+ "&": "&amp;",
+ "<": "&lt;",
+ ">": "&gt;",
+ "\"": "&quot;",
+ "'": "&#39;",
+ "/": "&#x2F;",
+ "`": "&#x60;",
+ "=": "&#x3D;"
+ };
+ return String(string).replace(htmlEscaper, function (match) {
+ return htmlEscapes[match];
+ });
+ };
+
ui.preprocess_item = function (rspamd, item) {
- function escapeHTML(string) {
- var htmlEscaper = /[&<>"'/`=]/g;
- var htmlEscapes = {
- "&": "&amp;",
- "<": "&lt;",
- ">": "&gt;",
- "\"": "&quot;",
- "'": "&#39;",
- "/": "&#x2F;",
- "`": "&#x60;",
- "=": "&#x3D;"
- };
- return String(string).replace(htmlEscaper, function (match) {
- return htmlEscapes[match];
- });
- }
function escape_HTML_array(arr) {
- arr.forEach(function (d, i) { arr[i] = escapeHTML(d); });
+ arr.forEach(function (d, i) { arr[i] = ui.escapeHTML(d); });
}
for (var prop in item) {
@@ -839,9 +840,9 @@ function ($, D3pie, visibility, NProgress, stickyTabs, tab_stat, tab_graph, tab_
if (!sym.name) {
sym.name = key;
}
- sym.name = escapeHTML(sym.name);
+ sym.name = ui.escapeHTML(sym.name);
if (sym.description) {
- sym.description = escapeHTML(sym.description);
+ sym.description = ui.escapeHTML(sym.description);
}
if (sym.options) {
@@ -851,7 +852,7 @@ function ($, D3pie, visibility, NProgress, stickyTabs, tab_stat, tab_graph, tab_
break;
default:
if (typeof item[prop] === "string") {
- item[prop] = escapeHTML(item[prop]);
+ item[prop] = ui.escapeHTML(item[prop]);
}
}
}