Goyslop/4chan-x
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

rewrite FileInfo for easier XSS checking

Browse Source
This commit is contained in:
ccd0 2014-06-29 00:05:55 -07:00
parent 646c29c4bc
commit 136f778743
2 changed files with 47 additions and 21 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
src/General/Settings.coffee
View File

@ -420,7 +420,7 @@ Settings =
dimensions: '1280x720' dimensions: '1280x720'
isImage: true isImage: true
isSpoiler: true isSpoiler: true
@nextElementSibling.innerHTML = FileInfo.h_format @value, data FileInfo.format @value, data, @nextElementSibling
favicon: -> favicon: ->
Favicon.switch() Favicon.switch()
Unread.update() if g.VIEW is 'thread' and Conf['Unread Favicon'] Unread.update() if g.VIEW is 'thread' and Conf['Unread Favicon']

66
src/Miscellaneous/FileInfo.coffee
View File

@ -7,29 +7,55 @@ FileInfo =
cb: @node cb: @node
node: -> node: ->
return if !@file or @isClone return if !@file or @isClone
@file.text.innerHTML = "<span class='file-info'>#{FileInfo.h_format Conf['fileInfo'], @}</span>" @file.text.innerHTML = '<span class="file-info"></span>'
h_format: (formatString, post) -> FileInfo.format Conf['fileInfo'], @, @file.text.firstElementChild
format: (formatString, post, outputNode) ->
output = innerHTML: ''
formatString.replace /%([A-Za-z])|[^%]+/g, (s, c) -> formatString.replace /%([A-Za-z])|[^%]+/g, (s, c) ->
if c of FileInfo.h_formatters if c of FileInfo.formatters
FileInfo.h_formatters[c].call(post) FileInfo.formatters[c].call post, output
else else
E s output.innerHTML += E s
h_formatters: ''
t: -> E @file.URL.match(/\d+\..+$/)[0] outputNode.innerHTML = output.innerHTML
T: -> "<a href='#{E @file.URL}' target='_blank'>#{FileInfo.h_formatters.t.call @}</a>" formatters:
l: -> "<a href='#{E @file.URL}' target='_blank'>#{FileInfo.h_formatters.n.call @}</a>" t: (x) ->
L: -> "<a href='#{E @file.URL}' target='_blank'>#{FileInfo.h_formatters.N.call @}</a>" timestamp = @file.URL.match(/\d+\..+$/)[0]
n: -> x.innerHTML += E timestamp
T: (x) ->
x.innerHTML += "<a href='#{E @file.URL}' target='_blank'>"
FileInfo.formatters.t.call @, x
x.innerHTML += '</a>'
l: (x) ->
x.innerHTML += "<a href='#{E @file.URL}' target='_blank'>"
FileInfo.formatters.n.call @, x
x.innerHTML += '</a>'
L: (x) ->
x.innerHTML += "<a href='#{E @file.URL}' target='_blank'>"
FileInfo.formatters.N.call @, x
x.innerHTML += '</a>'
n: (x) ->
fullname = @file.name fullname = @file.name
shortname = Build.shortFilename @file.name, @isReply shortname = Build.shortFilename @file.name, @isReply
if fullname is shortname if fullname is shortname
E fullname x.innerHTML += E fullname
else else
"<span class='fnswitch'><span class='fntrunc'>#{E shortname}</span><span class='fnfull'>#{E fullname}</span></span>" x.innerHTML += "<span class='fnswitch'><span class='fntrunc'>#{E shortname}</span><span class='fnfull'>#{E fullname}</span></span>"
N: -> E @file.name N: (x) ->
p: -> if @file.isSpoiler then 'Spoiler, ' else '' x.innerHTML += E @file.name
s: -> E @file.size p: (x) ->
B: -> return "#{+@file.sizeInBytes} Bytes" if @file.isSpoiler
K: -> "#{+Math.round(@file.sizeInBytes/1024)} KB" x.innerHTML += 'Spoiler, '
M: -> "#{+Math.round(@file.sizeInBytes/1048576*100)/100} MB" s: (x) ->
r: -> E (@file.dimensions or 'PDF') x.innerHTML += E @file.size
B: (x) ->
x.innerHTML += "#{+@file.sizeInBytes} Bytes"
K: (x) ->
sizeKB = Math.round(@file.sizeInBytes/1024)
x.innerHTML += "#{+sizeKB} KB"
M: (x) ->
sizeMB = Math.round(@file.sizeInBytes/1048576*100)/100
x.innerHTML += "#{+sizeMB} MB"
r: (x) ->
dim = @file.dimensions or 'PDF'
x.innerHTML += E dim