wamo/Qvitter
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

the source of notices is probably safe html to render

Browse Source
This commit is contained in:
Hannes Mannerheim 2015-01-19 14:07:46 +01:00
parent 518daa127e
commit 259651e671
1 changed files with 4 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
js/misc-functions.js
View File

@ -36,7 +36,9 @@
/* ·
·
· Removes HTML special chars recursively from strings in objects
· with one exception: statusnet_html found in notices
· with exceptions: "statusnet_html" found in notices, which we assume
· gnusocial already stripped from xss, and the "source" which should be
· html rendered by gnusocial itself and not open for attacks
·
· @param obj: the object to search and replace in
·
@ -50,7 +52,7 @@ function iterateRecursiveReplaceHtmlSpecialChars(obj) {
iterateRecursiveReplaceHtmlSpecialChars(obj[property]);
}
else {
if(typeof obj[property] == 'string' && property != 'statusnet_html') {
if(typeof obj[property] == 'string' && property != 'statusnet_html' && property != 'source') {
obj[property] = replaceHtmlSpecialChars(obj[property]);
}
}