opendev/gerrit
Code Issues Proposed changes

Merge "Remove unnecessary HTML escaping"

Browse Source
This commit is contained in:
Wyatt Allen
2017-01-31 19:22:48 +00:00
committed by Gerrit Code Review
parent 0d4e39b35d 3b824c577d
commit 5a3435fb57
4 changed files with 33 additions and 19 deletions
Download Patch File Download Diff File Expand all files Collapse all files

19
polygerrit-ui/app/elements/diff/gr-diff-builder/gr-diff-builder.js
View File

@@ -14,6 +14,17 @@
(function(window, GrDiffGroup, GrDiffLine) { (function(window, GrDiffGroup, GrDiffLine) {
'use strict'; 'use strict';
var HTML_ENTITY_PATTERN = /[&<>"'`\/]/g;
var HTML_ENTITY_MAP = {
'&': '&amp;',
'<': '&lt;',
'>': '&gt;',
'"': '&quot;',
'\'': '&#39;',
'/': '&#x2F;',
'`': '&#96;',
};
// Prevent redefinition. // Prevent redefinition.
if (window.GrDiffBuilder) { return; } if (window.GrDiffBuilder) { return; }
@@ -386,7 +397,7 @@
td.classList.add('content'); td.classList.add('content');
} }
td.classList.add(line.type); td.classList.add(line.type);
var html = util.escapeHTML(text); var html = this._escapeHTML(text);
html = this._addTabWrappers(html, this._prefs.tab_size); html = this._addTabWrappers(html, this._prefs.tab_size);
if (!this._prefs.line_wrapping && if (!this._prefs.line_wrapping &&
@@ -577,5 +588,11 @@
!(!group.adds.length && !group.removes.length); !(!group.adds.length && !group.removes.length);
}; };
GrDiffBuilder.prototype._escapeHTML = function(str) {
return str.replace(HTML_ENTITY_PATTERN, function(s) {
return HTML_ENTITY_MAP[s];
});
};
window.GrDiffBuilder = GrDiffBuilder; window.GrDiffBuilder = GrDiffBuilder;
})(window, GrDiffGroup, GrDiffLine); })(window, GrDiffGroup, GrDiffLine);

13
polygerrit-ui/app/elements/diff/gr-diff-builder/gr-diff-builder_test.html
View File

@@ -949,6 +949,19 @@ limitations under the License.
done(); done();
}); });
}); });
test('_escapeHTML', function() {
var input = '<script>alert("XSS");<' + '/script>';
var expected = '&lt;script&gt;alert(&quot;XSS&quot;);' +
'&lt;&#x2F;script&gt;';
var result = GrDiffBuilder.prototype._escapeHTML(input);
assert.equal(result, expected);
input = '& < > " \' / `';
expected = '&amp; &lt; &gt; &quot; &#39; &#x2F; &#96;';
result = GrDiffBuilder.prototype._escapeHTML(input);
assert.equal(result, expected);
});
}); });
}); });
</script> </script>

4
polygerrit-ui/app/elements/shared/gr-account-label/gr-account-label.js
View File

@@ -33,10 +33,10 @@
if (!account || (!account.name && !account.email)) { return; } if (!account || (!account.name && !account.email)) { return; }
var result = ''; var result = '';
if (account.name) { if (account.name) {
result += util.escapeHTML(account.name); result += account.name;
} }
if (account.email) { if (account.email) {
result += ' <' + util.escapeHTML(account.email) + '>'; result += ' <' + account.email + '>';
} }
return result; return result;
}, },

16
polygerrit-ui/app/scripts/util.js
View File

@@ -24,22 +24,6 @@
return new Date(dateStr.replace(' ', 'T') + 'Z'); return new Date(dateStr.replace(' ', 'T') + 'Z');
}; };
util.htmlEntityMap = {
'&': '&amp;',
'<': '&lt;',
'>': '&gt;',
'"': '&quot;',
'\'': '&#39;',
'/': '&#x2F;',
'`': '&#96;',
};
util.escapeHTML = function(str) {
return str.replace(/[&<>"'`\/]/g, function(s) {
return util.htmlEntityMap[s];
});
};
util.getCookie = function(name) { util.getCookie = function(name) {
var key = name + '='; var key = name + '=';
var cookies = document.cookie.split(';'); var cookies = document.cookie.split(';');