fix Ox.sanitzeHTML if urls are inside an open a tag

j 2012-06-16 13:16:30 +02:00
parent cd6e17d124
commit 53966f3f53


@ -434,6 +434,8 @@
'<a href="mailto:foo@bar.com">foo</a>' '<a href="mailto:foo@bar.com">foo</a>'
> Ox.sanitizeHTML('<a href="http://foo.com">foo</a>') > Ox.sanitizeHTML('<a href="http://foo.com">foo</a>')
'<a href="http://foo.com">foo</a>' '<a href="http://foo.com">foo</a>'
> Ox.sanitizeHTML('<a href="http://www.foo.com/">http://www.foo.com/</a>')
'<a href="http://www.foo.com/">http://www.foo.com/</a>'
> Ox.sanitizeHTML('<a href="http://foo.com" onclick="alert()">foo</a>') > Ox.sanitizeHTML('<a href="http://foo.com" onclick="alert()">foo</a>')
'<a href="http://foo.com">foo</a>' '<a href="http://foo.com">foo</a>'
> Ox.sanitizeHTML('<a href="javascript:alert()">foo</a>') > Ox.sanitizeHTML('<a href="javascript:alert()">foo</a>')
@ -474,10 +476,11 @@
}); });
}); });
}); });
html = Ox.addLinks(Ox.encodeHTMLEntities(html), true); html = Ox.encodeHTMLEntities(html);
matches.forEach(function(match, i) { matches.forEach(function(match, i) {
html = html.replace(new RegExp(salt.join(i)), match); html = html.replace(new RegExp(salt.join(i)), match);
}); });
html = Ox.addLinks(html, true);
html = html.replace(/\n\n/g, '<br/><br/>'); html = html.replace(/\n\n/g, '<br/><br/>');
// Close extra opening and remove extra closing tags. // Close extra opening and remove extra closing tags.
// Note: this converts '&apos;' to "'" and '&quot;' to '"' // Note: this converts '&apos;' to "'" and '&quot;' to '"'
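Review bot: Ox.addLinks now runs after the allowed tags have been put back in the second hunk, so it receives real markup instead of fully entity-encoded text, and the sanitizer's output depends on addLinks skipping URLs inside attribute values and inside an existing `<a>` element. The two added doctests cover only a URL used as anchor text; further cases for an e-mail address as anchor text and for a URL inside an attribute of another restored tag would pin that behaviour down. Nothing visible in the hunk re-checks the markup that addLinks emits, so it presumably escapes its own output, which is worth confirming because only the tag-balancing pass follows. A comment above the moved call would record the ordering constraint, e.g. `// addLinks must run after the tags are restored; it must not touch attribute values or text already inside <a>`. The enclosing function starts and ends outside the hunk.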