simplify dropdown content sanitization

pull/1/head
ansuz 3 years ago
parent fe7531c137
commit e65d93efdf

@ -1420,9 +1420,20 @@ define([
}
// Button
var $button = $('<button>', {
'class': config.buttonCls || ''
}).append($('<span>', {'class': 'cp-dropdown-button-title'}).html(config.text || ""));
var $button;
if (config.buttonContent) {
$button = $(h('button', {
class: config.buttonCls || '',
}, [
h('span.cp-dropdown-button-title', config.buttonContent),
]));
} else {
$button = $('<button>', {
'class': config.buttonCls || ''
}).append($('<span>', {'class': 'cp-dropdown-button-title'}).text(config.text || ""));
}
if (config.caretDown) {
$('<span>', {
'class': 'fa fa-caret-down',
@ -1445,8 +1456,24 @@ define([
var setOptions = function (options) {
options.forEach(function (o) {
if (!isValidOption(o)) { return; }
if (isElement(o)) { return $innerblock.append($(o)); }
var $el = $('<' + o.tag + '>', o.attributes || {}).html(o.content || '');
if (isElement(o)) { return $innerblock.append(o); }
var $el = $('<' + o.tag + '>', o.attributes || {});
if (typeof(o.content) === 'string' || (o.content instanceof Element)) {
o.content = [o.content];
}
if (Array.isArray(o.content)) {
o.content.forEach(function (item) {
if (item instanceof Element) {
return void $el.append(item);
}
if (typeof(item) === 'string') {
$el[0].appendChild(document.createTextNode(item));
}
});
// array of elements or text nodes
}
$el.appendTo($innerblock);
if (typeof(o.action) === 'function') {
$el.click(function (e) {
@ -1533,8 +1560,8 @@ define([
$container.on('click', 'a', function () {
value = $(this).data('value');
var $val = $(this);
var textValue = $val.html() || value;
$button.find('.cp-dropdown-button-title').html(textValue);
var textValue = $val.text() || value;
$button.find('.cp-dropdown-button-title').text(textValue);
$container.onChange.fire(textValue, value);
});
$container.keydown(function (e) {
@ -1594,14 +1621,13 @@ define([
$container.setValue = function (val, name, sync) {
value = val;
var $val = $innerblock.find('[data-value="'+val+'"]');
var textValue = name || $val.html() || val;
if (sync) {
$button.find('.cp-dropdown-button-title').html(textValue);
return;
}
setTimeout(function () {
$button.find('.cp-dropdown-button-title').html(textValue);
});
var textValue = name || $val.text() || val;
var f = function () {
$button.find('.cp-dropdown-button-title').text(textValue);
};
if (sync) { return void f(); }
setTimeout(f);
};
$container.getValue = function () {
return typeof(value) === "undefined" ? '' : value;
@ -1676,33 +1702,37 @@ define([
var metadataMgr = Common.getMetadataMgr();
var displayNameCls = config.displayNameCls || 'cp-toolbar-user-name';
var $displayedName = $('<span>', {'class': displayNameCls});
var priv = metadataMgr.getPrivateData();
var accountName = Util.fixHTML(priv.accountName);
var origin = priv.origin;
var padType = metadataMgr.getMetadata().type;
var $userName = $('<span>');
var options = [];
if (config.displayNameCls) {
var $userAdminContent = $('<p>');
var userAdminContent = [];
if (accountName) {
var $userAccount = $('<span>').append(Messages.user_accountName + ': ');
$userAdminContent.append($userAccount).append(accountName);
$userAdminContent.append($('<br>'));
userAdminContent.push(h('span', [
Messages.user_accountName,
': ',
h('span', accountName),
]));
userAdminContent.push(h('br'));
}
if (config.displayName && !AppConfig.disableProfile) {
// Hide "Display name:" in read only mode
$userName.append(Messages.user_displayName + ': ');
$userName.append($displayedName);
userAdminContent.push(h('span', [
Messages.user_displayName,
': ',
h('span', {
class: displayNameCls,
}),
]));
}
$userAdminContent.append($userName);
options.push({
tag: 'p',
attributes: {'class': 'cp-toolbar-account'},
content: $userAdminContent.html()
content: userAdminContent,
});
}
@ -1964,7 +1994,7 @@ define([
$userbig.append($('<span>', {'class': 'account-name'}).text(accountName));
}*/
var dropdownConfigUser = {
text: $userButton.html(), // Button initial text
buttonContent: $userButton[0],
options: options, // Entries displayed in the menu
left: true, // Open to the left of the button
container: config.$initBlock, // optional
@ -2066,7 +2096,9 @@ define([
'data-value': l,
'href': '#',
},
content: languages[l] // Pretty name of the language value
content: [ // supplying content as an array ensures it's a text node, not parsed HTML
languages[l] // Pretty name of the language value
],
});
});
var dropdownConfig = {
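Review bot: In the user-menu hunk, `accountName` is still the output of `Util.fixHTML(priv.accountName)` (unchanged line above) but is now passed to `h('span', accountName)` instead of being appended as markup. If `h` inserts string children as text nodes, which this commit appears to rely on for the `Messages.*` strings, an account name containing `&`, `<` or `>` will be displayed with literal entities such as `&lt;`. Escaping should happen once, at the sink, so I would pass the raw value here: `h('span', priv.accountName),`. Please confirm how `h` treats strings before dropping the escape, and check whether uses of `accountName` outside this hunk still need the escaped form.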

@ -2935,34 +2935,49 @@ define([
if (isInRoot) {
options.push({
tag: 'a',
attributes: {'class': 'cp-app-drive-new-folder'},
content: $('<div>').append($folderIcon.clone()).html() + Messages.fm_folder
attributes: {'class': 'cp-app-drive-new-folder pewpew'},
content: [
$folderIcon.clone()[0],
Messages.fm_folder,
],
});
if (!APP.disableSF && !manager.isInSharedFolder(currentPath)) {
options.push({
tag: 'a',
attributes: {'class': 'cp-app-drive-new-shared-folder'},
content: $('<div>').append($sharedFolderIcon.clone()).html() + Messages.fm_sharedFolder
content: [
$sharedFolderIcon.clone()[0],
Messages.fm_sharedFolder,
],
});
}
options.push({tag: 'hr'});
options.push({
tag: 'a',
attributes: {'class': 'cp-app-drive-new-fileupload'},
content: $('<div>').append(getIcon('fileupload')).html() + Messages.uploadButton
content: [
getIcon('fileupload')[0],
Messages.uploadButton,
],
});
if (APP.allowFolderUpload) {
options.push({
tag: 'a',
attributes: {'class': 'cp-app-drive-new-folderupload'},
content: $('<div>').append(getIcon('folderupload')).html() + Messages.uploadFolderButton
content: [
getIcon('folderupload')[0],
Messages.uploadFolderButton,
],
});
}
options.push({tag: 'hr'});
options.push({
tag: 'a',
attributes: {'class': 'cp-app-drive-new-link'},
content: $('<div>').append(getIcon('link')).html() + Messages.fm_link_new
content: [
getIcon('link')[0],
Messages.fm_link_new,
],
});
options.push({tag: 'hr'});
}
@ -2983,14 +2998,17 @@ define([
options.push({
tag: 'a',
attributes: attributes,
content: $('<div>').append(getIcon(type)).html() + Messages.type[type]
content: [
getIcon(type)[0],
Messages.type[type],
],
});
});
var $plusIcon = $('<div>').append($('<span>', {'class': 'fa fa-plus'}));
var dropdownConfig = {
text: $plusIcon.html() + '<span>'+Messages.fm_newButton+'</span>',
buttonContent: [
h('span.fa.fa-plus'),
h('span', Messages.fm_newButton),
],
options: options,
feedback: 'DRIVE_NEWPAD_LOCALFOLDER',
common: common
@ -3071,15 +3089,24 @@ define([
var options = [{
tag: 'a',
attributes: {'class': 'cp-app-drive-element-type'},
content: '<i class="fa fa-minus"></i>' + Messages.fm_type
content: [
h('i.fa.fa-minus'),
Messages.fm_type,
],
},{
tag: 'a',
attributes: {'class': 'cp-app-drive-element-atime'},
content: '<i class="fa fa-minus"></i>' + Messages.fm_lastAccess
content: [
h('i.fa.fa-minus'),
Messages.fm_lastAccess,
],
},{
tag: 'a',
attributes: {'class': 'cp-app-drive-element-ctime'},
content: '<i class="fa fa-minus"></i>' + Messages.fm_creation
content: [
h('i.fa.fa-minus'),
Messages.fm_creation,
],
}];
var dropdownConfig = {
text: '', // Button initial text
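Review bot: The class list on the new-folder entry changed from `cp-app-drive-new-folder` to `cp-app-drive-new-folder pewpew`, and `pewpew` is not referenced anywhere else in the visible hunks, so it looks like a debugging leftover. Unless a stylesheet or selector outside this diff depends on it, I would restore `attributes: {'class': 'cp-app-drive-new-folder'},`. Unrelated additions in a sanitization commit make the security-relevant part of the change harder to audit.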

@ -663,7 +663,7 @@ define([
'data-value': '',
'href': '#'
},
content: '&nbsp;'
content: ' ',
});
var dropdownConfig = {
text: ext, // Button initial text
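Review bot: The replacement for `'&nbsp;'` is a quoted whitespace character whose identity cannot be seen in the source. If it is an ordinary space, it may collapse now that option content is inserted as a text node, leaving this empty entry with no visible or clickable area. If a no-break space is intended, write it as an escape so the intent survives editors and reviews: `content: '\u00A0',`. The surrounding option object starts outside this hunk.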

@ -343,7 +343,7 @@ define([
'data-value': l.mode,
'href': '#',
},
content: l.language // Pretty name of the language value
content: [l.language] // Pretty name of the language value
});
});
var dropdownConfig = {
@ -395,7 +395,7 @@ define([
'data-value': l.name,
'href': '#',
},
content: l.name // Pretty name of the language value
content: [l.name] // Pretty name of the language value
});
});
var dropdownConfig = {
