provide real barebones XSS protection on e2ee contents and implement a few bbcode tags we're likely to see a lot of. Still need to write a js zid() function to properly implement zrl and zmg but at least they will be linked now.

2013-11-11 16:47:49 -08:00 · 2013-11-11 16:47:49 -08:00 · d9013f4311
commit d9013f4311
parent 4a3191cd19
1 changed files with 41 additions and 24 deletions
--- a/view/tpl/jot-header.tpl
+++ b/view/tpl/jot-header.tpl
@ -367,6 +367,11 @@ function enableOnUser(){
 			y = y.replace(re,str);
 		};

+		rep(/\&/gi,"&amp;");
+		rep(/\</gi,"&lt;");
+		rep(/\>/gi,"&gt;");
+		rep(/\"/gi,"&quot;");
+
 		rep(/\n/gi,"<br />");
 		rep(/\[b\]/gi,"<strong>");
 		rep(/\[\/b\]/gi,"</strong>");
@ -380,6 +385,12 @@ function enableOnUser(){
 		rep(/\[img=(.*?)x(.*?)\](.*?)\[\/img\]/gi,"<img width=\"$1\" height=\"$2\" src=\"$3\" />");
 		rep(/\[img\](.*?)\[\/img\]/gi,"<img src=\"$1\" />");

+		// FIXME - add zid
+		rep(/\[zrl=([^\]]+)\](.*?)\[\/zrl\]/gi,"<a href=\"$1\">$2</a>");
+		rep(/\[zrl\](.*?)\[\/zrl\]/gi,"<a href=\"$1\">$1</a>");
+		rep(/\[zmg=(.*?)x(.*?)\](.*?)\[\/zmg\]/gi,"<img width=\"$1\" height=\"$2\" src=\"$3\" />");
+		rep(/\[zmg\](.*?)\[\/zmg\]/gi,"<img src=\"$1\" />");
+
 		rep(/\[list\](.*?)\[\/list\]/gi, '<ul class="listbullet" style="list-style-type: circle;">$1</ul>');
 		rep(/\[list=\](.*?)\[\/list\]/gi, '<ul class="listnone" style="list-style-type: none;">$1</ul>');
 		rep(/\[list=1\](.*?)\[\/list\]/gi, '<ul class="listdecimal" style="list-style-type: decimal;">$1</ul>');
@ -393,6 +404,12 @@ function enableOnUser(){
 		rep(/\[code\](.*?)\[\/code\]/gi,"<code>$1</code>");
 		rep(/\[quote.*?\](.*?)\[\/quote\]/gi,"<blockquote>$1</blockquote>");

+
+
+		rep(/\[\&amp\;([#a-z0-9]+)\;\]/gi,'&$1;');
+
+		rep(/\<(.*?)(src|href)=\"[^hfm](.*?)\>/gi,'<$1$2="">');
+
 		return y; 
 	};