git ssb

16+

cel / patchfoo



Commit a448b261d6bffa420d1f0c4d57ebe852146001bf

Fix double-html-escaped href

cel committed on 4/24/2018, 6:57:26 AM
Parent: be330fa3f2c5d90bbdcb9fd1ba45c550fac244a1

Files changed

lib/render-msg.jschanged
lib/render.jschanged
lib/util.jschanged
lib/render-msg.jsView
@@ -35,12 +35,8 @@
3535 RenderMsg.prototype.linkify = function (text) {
3636 return this.render.linkify(text)
3737 }
3838
39-function token() {
40- return '__' + Math.random().toString(36).substr(2) + '__'
41-}
42-
4339 RenderMsg.prototype.raw = function (cb) {
4440 // linkify various things in the JSON. TODO: abstract this better
4541
4642 // clone the message for linkifying
@@ -51,9 +47,9 @@
5147 var tokens = {}
5248
5349 // link to feed starting from this message
5450 if (m.value.sequence) {
55- var tok = token()
51 + var tok = u.token()
5652 tokens[tok] = h('a', {href:
5753 this.toUrl(m.value.author + '?gt=' + (m.value.sequence-1))},
5854 m.value.sequence)
5955 m.value.sequence = tok
@@ -63,24 +59,24 @@
6359 var c = m.value.content = {}
6460 for (k in this.c) c[k] = this.c[k]
6561
6662 // link to messages of same type
67- tok = token()
63 + tok = u.token()
6864 tokens[tok] = h('a', {href: this.toUrl('/type/' + c.type)}, c.type)
6965 c.type = tok
7066
7167 // link to channel
7268 if (c.channel) {
73- tok = token()
69 + tok = u.token()
7470 tokens[tok] = h('a', {href: this.toUrl('#' + c.channel)}, c.channel)
7571 c.channel = tok
7672 }
7773
7874 // link to hashtags
7975 // TODO: recurse
8076 for (var k in c) {
8177 if (!c[k] || c[k][0] !== '#') continue
82- tok = token()
78 + tok = u.token()
8379 tokens[tok] = h('a', {href: this.toUrl(c[k])}, c[k])
8480 c[k] = tok
8581 }
8682 }
@@ -1500,9 +1496,9 @@
15001496 RenderMsg.prototype.imageMap = function (cb) {
15011497 var self = this
15021498 var imgLink = u.toLink(self.c.image)
15031499 var imgRef = imgLink && imgLink.link
1504- var mapName = 'map' + token()
1500 + var mapName = 'map' + u.token()
15051501 self.wrap(h('div', [
15061502 h('map', {name: mapName},
15071503 u.toArray(self.c.areas).map(function (areaLink) {
15081504 var href = areaLink && self.toUrl(areaLink.link)
lib/render.jsView
@@ -39,17 +39,21 @@
3939 if (u.isRef(ref)) {
4040 var myName = this.render.app.getNameSync(ref)
4141 if (myName) title = title ? title + ' (' + myName + ')' : myName
4242 }
43 + var hrefToken = href !== false ? u.token() : undefined
4344 var a = h('a', {
4445 class: href === false ? 'bad' : undefined,
45- href: href !== false ? href : undefined,
46 + href: href !== false ? hrefToken : undefined,
4647 title: title || undefined,
4748 download: name ? encodeURIComponent(name) : undefined
4849 })
4950 // text is already html-escaped
5051 a.innerHTML = text
51- return a.outerHTML
52 + var html = a.outerHTML
53 + // href is already html-escaped
54 + if (hrefToken) html = html.replace(hrefToken, href)
55 + return html
5256 }
5357
5458 MdRenderer.prototype.mention = function (preceding, id) {
5559 var href = this.urltransform(id)
lib/util.jsView
@@ -221,4 +221,8 @@
221221
222222 u.rows = function (str) {
223223 return String(str).split(/[^\n]{150}|\n/).length
224224 }
225 +
226 +u.token = function () {
227 + return '__' + Math.random().toString(36).substr(2) + '__'
228 +}

Built with git-ssb-web