mirrors/tt-rss
1
0
Fork 0
mirror of https://git.tt-rss.org/fox/tt-rss.git synced 2025-10-17 22:11:01 +02:00
Code Issues Projects Releases Wiki Activity

Fix a potential double-unescaping issue, tweak 'App.escapeHtml()'.

Browse Source
This commit is contained in:
supahgreg 2025-10-10 22:39:31 +00:00
parent 26f1f67746
commit b888fa1032
No known key found for this signature in database
2 changed files with 29 additions and 22 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

40
js/App.js
View File

@ -411,19 +411,35 @@ const App = {
},
// htmlspecialchars()-alike for headlines data-content attribute
escapeHtml: function(p) {
if (typeof p == "string") {
const map = {
'&': '&',
'<': '&lt;',
'>': '&gt;',
'"': '&quot;',
"'": '&#039;'
};
return p.replace(/[&<>"']/g, function(m) { return map[m]; });
} else {
if (typeof p !== 'string')
return p;
}
const map = {
'&': '&amp;',
'<': '&lt;',
'>': '&gt;',
'"': '&quot;',
"'": '&#x27;',
'/': '&#x2F;',
};
return p.replace(/[&<>"'\/]/g, m => map[m]);
},
unescapeHtml: function(p) {
if (typeof p !== 'string' || p.indexOf('&') === -1)
return p;
return p.replace(/&(?:amp|lt|gt|quot|#x27|#x2F|#039|#47);/g, function(entity) {
switch (entity) {
case '&amp;': return '&';
case '&lt;': return '<';
case '&gt;': return '>';
case '&quot;': return '"';
case '&#x27;': case '&#039;': return "'";
case '&#x2F;': case '&#47;': return '/';
default: return entity;
}
});
},
// http://stackoverflow.com/questions/6251937/how-to-get-selecteduser-highlighted-text-in-contenteditable-element-and-replac
getSelectedText: function() {

11
js/FeedTree.js
View File

@ -237,16 +237,7 @@ define(["dojo/_base/declare", "dojo/dom-construct", "dojo/_base/array", "dojo/co
return rc;
},
getLabel: function(item) {
let name = String(item.name);
/* Horrible */
name = name.replace(/&quot;/g, "\"");
name = name.replace(/&amp;/g, "&");
name = name.replace(/&mdash;/g, "-");
name = name.replace(/&lt;/g, "<");
name = name.replace(/&gt;/g, ">");
return name;
return App.unescapeHtml(item.name);
},
expandParentNodes: function(feed, is_cat, list) {
try {