Use packaged edition of security module.
This commit is contained in:
Chad Weider
parent
c4fa2ecddb
commit
b47f6ae905
|
|
@ -36,7 +36,9 @@ var TAR_PATH = path.join(__dirname, 'tar.json');
|
|||
var tar = JSON.parse(fs.readFileSync(TAR_PATH, 'utf8'));
|
||||
|
||||
|
||||
var LIBRARY_WHITELIST = [];
|
||||
var LIBRARY_WHITELIST = [
|
||||
'security'
|
||||
];
|
||||
|
||||
// Rewrite tar to include modules with no extensions and proper rooted paths.
|
||||
var LIBRARY_PREFIX = 'ep_etherpad-lite/static/js';
|
||||
|
|
|
|||
|
|
@ -60,6 +60,7 @@
|
|||
, "rjquery.js"
|
||||
, "underscore.js"
|
||||
, "security.js"
|
||||
, "$security.js"
|
||||
, "json2.js"
|
||||
, "pluginfw/plugins.js"
|
||||
, "pluginfw/hooks.js"
|
||||
|
|
|
|||
|
|
@ -30,6 +30,7 @@
|
|||
"graceful-fs" : "1.1.5",
|
||||
"slide" : "1.1.3",
|
||||
"semver" : "1.0.13",
|
||||
"security" : "1.0.0",
|
||||
"underscore" : "1.3.1"
|
||||
},
|
||||
"bin": { "etherpad-lite": "./node/server.js" },
|
||||
|
|
|
|||
|
|
@ -14,41 +14,4 @@
|
|||
* limitations under the License.
|
||||
*/
|
||||
|
||||
var HTML_ENTITY_MAP = {
|
||||
'&': '&'
|
||||
, '<': '<'
|
||||
, '>': '>'
|
||||
, '"': '"'
|
||||
, "'": '''
|
||||
, '/': '/'
|
||||
};
|
||||
|
||||
// OSWASP Guidlines: &, <, >, ", ' plus forward slash.
|
||||
var HTML_CHARACTERS_EXPRESSION = /[&"'<>\/]/g;
|
||||
function escapeHTML(text) {
|
||||
return text && text.replace(HTML_CHARACTERS_EXPRESSION, function (c) {
|
||||
return HTML_ENTITY_MAP[c] || c;
|
||||
});
|
||||
}
|
||||
|
||||
// OSWASP Guidlines: escape all non alphanumeric characters in ASCII space.
|
||||
var HTML_ATTRIBUTE_CHARACTERS_EXPRESSION =
|
||||
/[\x00-\x2F\x3A-\x40\5B-\x60\x7B-\xFF]/g;
|
||||
function escapeHTMLAttribute(text) {
|
||||
return text && text.replace(HTML_ATTRIBUTE_CHARACTERS_EXPRESSION, function (c) {
|
||||
return "&#x" + ('00' + c.charCodeAt(0).toString(16)).slice(-2) + ";";
|
||||
});
|
||||
};
|
||||
|
||||
// OSWASP Guidlines: escape all non alphanumeric characters in ASCII space.
|
||||
var JAVASCRIPT_CHARACTERS_EXPRESSION =
|
||||
/[\x00-\x2F\x3A-\x40\5B-\x60\x7B-\xFF]/g;
|
||||
function escapeJavaScriptData(text) {
|
||||
return text && text.replace(JAVASCRIPT_CHARACTERS_EXPRESSION, function (c) {
|
||||
return "\\x" + ('00' + c.charCodeAt(0).toString(16)).slice(-2);
|
||||
});
|
||||
}
|
||||
|
||||
exports.escapeHTML = escapeHTML;
|
||||
exports.escapeHTMLAttribute = escapeHTMLAttribute;
|
||||
exports.escapeJavaScriptData = escapeJavaScriptData;
|
||||
module.exports = require('security');
|
||||
|
|
|
|||
Loading…
Reference in New Issue