fuwafuwa
/
etherpad-lite
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

All escaping functions replace HTML reserved characters.

This commit is contained in:
Chad Weider 2012-01-14 14:46:15 -08:00
parent 30da7357e5
commit 6e36b59a59
4 changed files with 20 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
node/utils/ExportHtml.js
View File

@ -429,14 +429,15 @@ exports.getPadHTMLDocument = function (padId, revNum, noDocType, callback)
function _escapeHTML(s) function _escapeHTML(s)
{ {
var re = /[&<>]/g; var re = /[&"<>]/g;
if (!re.MAP) if (!re.MAP)
{ {
// persisted across function calls! // persisted across function calls!
re.MAP = { re.MAP = {
'&': '&amp;', '&': '&amp;',
'"': '&quot;',
'<': '&lt;', '<': '&lt;',
'>': '&gt;', '>': '&gt;'
}; };
} }

9
static/js/ace2_common.js
View File

@ -142,7 +142,14 @@ function binarySearchInfinite(expectedLength, func)
function htmlPrettyEscape(str) function htmlPrettyEscape(str)
{ {
return str.replace(/&/g, '&amp;').replace(/</g, '&lt;').replace(/>/g, '&gt;').replace(/\r?\n/g, '\\n'); return str.replace(/[&"<>]/g, function (c) {
return {
'&': '&amp;',
'"': '&quot;',
'<': '&lt;',
'>': '&gt;'
}[c] || c;
}).replace(/\r?\n/g, '\\n');
} }
if (typeof exports !== "undefined") if (typeof exports !== "undefined")

2
static/js/domline.js
View File

@ -229,7 +229,7 @@ domline.escapeHTML = function(s)
'&': '&amp;', '&': '&amp;',
'<': '&lt;', '<': '&lt;',
'>': '&gt;', '>': '&gt;',
'"': '&#34;', '"': '&quot;',
"'": '&#39;' "'": '&#39;'
}; };
} }

9
static/js/pad_utils.js
View File

@ -23,7 +23,14 @@
var padutils = { var padutils = {
escapeHtml: function(x) escapeHtml: function(x)
{ {
return String(x).replace(/\</g, '&lt;').replace(/\>/g, '&gt;'); return String(x).replace(/[&"<>]/g, function (c) {
return {
'&': '&amp;',
'"': '&quot;',
'<': '&lt;',
'>': '&gt;'
}[c] || c;
});
}, },
uniqueId: function() uniqueId: function()
{ {