the source of notices is probably safe html to render

This commit is contained in:
Hannes Mannerheim 2015-01-19 14:07:46 +01:00
parent 518daa127e
commit 259651e671


@ -36,7 +36,9 @@
/* · /* ·
· ·
· Removes HTML special chars recursively from strings in objects · Removes HTML special chars recursively from strings in objects
· with one exception: statusnet_html found in notices · with exceptions: "statusnet_html" found in notices, which we assume
· gnusocial already stripped from xss, and the "source" which should be
· html rendered by gnusocial itself and not open for attacks
· ·
· @param obj: the object to search and replace in · @param obj: the object to search and replace in
· ·
@ -50,7 +52,7 @@ function iterateRecursiveReplaceHtmlSpecialChars(obj) {
iterateRecursiveReplaceHtmlSpecialChars(obj[property]); iterateRecursiveReplaceHtmlSpecialChars(obj[property]);
} }
else { else {
if(typeof obj[property] == 'string' && property != 'statusnet_html') { if(typeof obj[property] == 'string' && property != 'statusnet_html' && property != 'source') {
obj[property] = replaceHtmlSpecialChars(obj[property]); obj[property] = replaceHtmlSpecialChars(obj[property]);
} }
} }
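Review bot: The new condition on the changed line exempts every property named `source` at any depth of the object tree, not only the notice's own source field, because `iterateRecursiveReplaceHtmlSpecialChars` descends into nested objects before this name check runs and the check knows nothing about the parent, so any nested record that happens to carry a `source` key now reaches rendering unescaped. The comment in the first hunk records the assumption that the server emits safe HTML for this field, but nothing in this function verifies it, so at minimum the scope should be stated in code next to the check: `// 'source' is left unescaped only because the server is trusted to emit it as already-sanitized HTML; note this applies to every key named 'source' at any depth, not just notices`. If the caller can tell notice objects from other records, passing that context down and applying the `source` exemption only for notices would close the gap without changing the rest of the walk. The same line also uses loose `==`/`!=`; `typeof obj[property] === 'string' && property !== 'statusnet_html' && property !== 'source'` is the idiomatic form and behaves identically for these string operands. The enclosing function starts and ends outside the hunk.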