filter unwanted elements when receiving patches
parent
648f64c6fc
commit
7e8d66a141
|
@ -48,32 +48,6 @@
|
|||
</head>
|
||||
<body>
|
||||
<iframe id="pad-iframe" src="inner.html"></iframe>
|
||||
<div id="debug"><button>DEBUG</button></div>
|
||||
<textarea id="feedback"></textarea>
|
||||
<script>
|
||||
require(['/bower_components/jquery/dist/jquery.min.js'], function() {
|
||||
var $ = window.$;
|
||||
$('#debug').on('click', function() {
|
||||
if($('#feedback').is(':visible')) {
|
||||
$('#pad-iframe').css({
|
||||
'width' : '100%'
|
||||
});
|
||||
$('#debug').css({
|
||||
'right' : '0%'
|
||||
});
|
||||
}
|
||||
else {
|
||||
$('#pad-iframe').css({
|
||||
'width' : '70%'
|
||||
});
|
||||
$('#debug').css({
|
||||
'right' : '30%'
|
||||
});
|
||||
}
|
||||
$('#feedback').toggle();
|
||||
});
|
||||
});
|
||||
</script>
|
||||
</body>
|
||||
</html>
|
||||
|
||||
|
|
|
@ -100,8 +100,43 @@ define([
|
|||
// don't let the user edit until the pad is ready
|
||||
setEditable(false);
|
||||
|
||||
var forbiddenTags = [
|
||||
'SCRIPT',
|
||||
'IFRAME',
|
||||
'OBJECT',
|
||||
'APPLET',
|
||||
'VIDEO',
|
||||
'AUDIO'
|
||||
];
|
||||
|
||||
var diffOptions = {
|
||||
preDiffApply: function (info) {
|
||||
/*
|
||||
Don't accept attributes that begin with 'on'
|
||||
these are probably listeners, and we don't want to
|
||||
send scripts over the wire.
|
||||
*/
|
||||
if (['addAttribute', 'modifyAttribute'].indexOf(info.diff.action) !== -1) {
|
||||
if (/^on/.test(info.diff.name)) {
|
||||
console.log("Rejecting forbidden element attribute with name (%s)", info.diff.name);
|
||||
return true;
|
||||
}
|
||||
}
|
||||
/*
|
||||
Also reject any elements which would insert any one of
|
||||
our forbidden tag types: script, iframe, object,
|
||||
applet, video, or audio
|
||||
*/
|
||||
if (['addElement', 'replaceElement'].indexOf(info.diff.action) !== -1) {
|
||||
if (info.diff.element && forbiddenTags.indexOf(info.diff.element.nodeName) !== -1) {
|
||||
console.log("Rejecting forbidden tag of type (%s)", info.diff.element.nodeName);
|
||||
return true;
|
||||
} else if (info.diff.newValue && forbiddenTags.indexOf(info.diff.newValue.nodeType) !== -1) {
|
||||
console.log("Rejecting forbidden tag of type (%s)", info.diff.newValue.nodeName);
|
||||
return true;
|
||||
}
|
||||
}
|
||||
|
||||
if (info.node && info.node.tagName === 'BODY') {
|
||||
if (info.diff.action === 'removeAttribute' &&
|
||||
['class', 'spellcheck'].indexOf(info.diff.name) !== -1) {
|
||||
|
|
Loading…
Reference in New Issue