Fix XSS in the user dropdown menu

pull/1/head
yflory 8 years ago
parent f130fd0598
commit 26e3971482

@ -163,10 +163,13 @@ define([
// var isArray = function (o) { return Object.prototype.toString.call(o) === '[object Array]'; }; // var isArray = function (o) { return Object.prototype.toString.call(o) === '[object Array]'; };
var isArray = common.isArray = $.isArray; var isArray = common.isArray = $.isArray;
var fixHTML = common.fixHTML = function (html) { var fixHTML = common.fixHTML = function (str) {
return html.replace(/</g, '&lt;'); return str.replace(/[<>&"']/g, function (x) {
return ({ "<": "&lt;", ">": "&gt", "&": "&amp;", '"': "&#34;", "'": "&#39;" })[x];
});
}; };
var truncate = common.truncate = function (text, len) { var truncate = common.truncate = function (text, len) {
if (typeof(text) === 'string' && text.length > len) { if (typeof(text) === 'string' && text.length > len) {
return text.slice(0, len) + '…'; return text.slice(0, len) + '…';
@ -1142,22 +1145,22 @@ define([
var $displayedName = $('<span>', {'class': config.displayNameCls || 'displayName'}); var $displayedName = $('<span>', {'class': config.displayNameCls || 'displayName'});
var accountName = localStorage[common.userNameKey]; var accountName = localStorage[common.userNameKey];
var account = isLoggedIn(); var account = isLoggedIn();
var $userAdminContent = $('<p>');
if (account) {
var $userAccount = $('<span>', {'class': 'userAccount'}).append(Messages.user_accountName + ': ' + accountName);
$userAdminContent.append($userAccount);
$userAdminContent.append($('<br>'));
}
var $userName = $('<span>', {'class': 'userDisplayName'}); var $userName = $('<span>', {'class': 'userDisplayName'});
if (config.displayName) {
// Hide "Display name:" in read only mode
$userName.append(Messages.user_displayName + ': ');
$userName.append($displayedName.clone());
}
//$userName.append($displayedName.clone()); TODO remove ?
$userAdminContent.append($userName);
var options = []; var options = [];
if (config.displayNameCls) { if (config.displayNameCls) {
var $userAdminContent = $('<p>');
if (account) {
var $userAccount = $('<span>', {'class': 'userAccount'}).append(Messages.user_accountName + ': ' + fixHTML(accountName));
$userAdminContent.append($userAccount);
$userAdminContent.append($('<br>'));
}
if (config.displayName) {
// Hide "Display name:" in read only mode
$userName.append(Messages.user_displayName + ': ');
$userName.append($displayedName.clone());
}
//$userName.append($displayedName.clone()); TODO remove ?
$userAdminContent.append($userName);
options.push({ options.push({
tag: 'p', tag: 'p',
attributes: {'class': 'accountData'}, attributes: {'class': 'accountData'},
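Review bot: The escape table in the new fixHTML maps `>` to `&gt` with no closing semicolon, so the function emits a malformed entity for every `>` it escapes; the entry should read `">": "&gt;"`. HTML parsers accept the legacy `&gt` form inside text content, but inside an attribute value followed by `=` or an alphanumeric it is left unexpanded, so the current output cannot be reused safely in attribute contexts. In the second hunk `fixHTML(accountName)` is concatenated with `Messages.user_accountName` and handed to jQuery `.append()`, which parses the string as HTML, so this escaping is the only thing standing between the stored name and markup injection; constructing the span with `$('<span>', {'class': 'userAccount', text: ...})` would avoid building HTML from strings at all, assuming the message is plain text, and `Messages.user_accountName` is presumably a trusted translation string rather than user data. The function enclosing both hunks starts and ends outside them.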
