Goyslop/4chan-x
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Escape potentially malicious fields.

Browse Source 
I don't think the comment or email fields will be an issue.
This commit is contained in:
Zixaphir 2014-05-07 23:11:50 -07:00
parent fd2992c831
commit 3f69b4d791
4 changed files with 31 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
LICENSE
View File

@ -1,5 +1,5 @@
/* /*
* appchan x - Version 2.9.25 - 2014-05-05 * appchan x - Version 2.9.25 - 2014-05-07
* *
* Licensed under the MIT license. * Licensed under the MIT license.
* https://github.com/zixaphir/appchan-x/blob/master/LICENSE * https://github.com/zixaphir/appchan-x/blob/master/LICENSE

14
builds/appchan-x.user.js
View File

@ -25,7 +25,7 @@
// ==/UserScript== // ==/UserScript==
/* /*
* appchan x - Version 2.9.25 - 2014-05-05 * appchan x - Version 2.9.25 - 2014-05-07
* *
* Licensed under the MIT license. * Licensed under the MIT license.
* https://github.com/zixaphir/appchan-x/blob/master/LICENSE * https://github.com/zixaphir/appchan-x/blob/master/LICENSE
@ -5791,7 +5791,7 @@
return path; return path;
}, },
postFromObject: function(data, boardID) { postFromObject: function(data, boardID) {
var o; var key, o, safetyBuffer, _i, _len, _ref;
o = { o = {
postID: data.no, postID: data.no,
threadID: data.resto || data.no, threadID: data.resto || data.no,
@ -5810,6 +5810,16 @@
isSticky: !!data.sticky, isSticky: !!data.sticky,
isClosed: !!data.closed isClosed: !!data.closed
}; };
safetyBuffer = $.el('div');
_ref = ['name', 'subject'];
for (_i = 0, _len = _ref.length; _i < _len; _i++) {
key = _ref[_i];
if (!o[key]) {
continue;
}
safetyBuffer.textContent = o[key];
o[key] = safetyBuffer.innerHTML;
}
if (data.ext || data.filedeleted) { if (data.ext || data.filedeleted) {
o.file = { o.file = {
name: data.filename + data.ext, name: data.filename + data.ext,

14
builds/crx/script.js
View File

@ -1,6 +1,6 @@
// Generated by CoffeeScript // Generated by CoffeeScript
/* /*
* appchan x - Version 2.9.25 - 2014-05-05 * appchan x - Version 2.9.25 - 2014-05-07
* *
* Licensed under the MIT license. * Licensed under the MIT license.
* https://github.com/zixaphir/appchan-x/blob/master/LICENSE * https://github.com/zixaphir/appchan-x/blob/master/LICENSE
@ -5849,7 +5849,7 @@
return path; return path;
}, },
postFromObject: function(data, boardID) { postFromObject: function(data, boardID) {
var o; var key, o, safetyBuffer, _i, _len, _ref;
o = { o = {
postID: data.no, postID: data.no,
threadID: data.resto || data.no, threadID: data.resto || data.no,
@ -5868,6 +5868,16 @@
isSticky: !!data.sticky, isSticky: !!data.sticky,
isClosed: !!data.closed isClosed: !!data.closed
}; };
safetyBuffer = $.el('div');
_ref = ['name', 'subject'];
for (_i = 0, _len = _ref.length; _i < _len; _i++) {
key = _ref[_i];
if (!o[key]) {
continue;
}
safetyBuffer.textContent = o[key];
o[key] = safetyBuffer.innerHTML;
}
if (data.ext || data.filedeleted) { if (data.ext || data.filedeleted) {
o.file = { o.file = {
name: data.filename + data.ext, name: data.filename + data.ext,

6
src/General/Build.coffee
View File

@ -42,6 +42,12 @@ Build =
isSticky: !!data.sticky isSticky: !!data.sticky
isClosed: !!data.closed isClosed: !!data.closed
# file # file
safetyBuffer = $.el 'div'
for key in ['name', 'subject'] when o[key]
safetyBuffer.textContent = o[key]
o[key] = safetyBuffer.innerHTML
if data.ext or data.filedeleted if data.ext or data.filedeleted
o.file = o.file =
name: data.filename + data.ext name: data.filename + data.ext