author | friendica <info@friendica.com> | 2013-11-11 16:47:49 -0800 |
---|---|---|
committer | friendica <info@friendica.com> | 2013-11-11 16:47:49 -0800 |
commit | d9013f43110a6474a8e52b72492bc490d50b7972 (patch) | |
tree | af65415dc359bc47ccfe7fa71e12e38d104ab1fd | |
parent | 4a3191cd1909dbfde861a113ba121e94b577a4cd (diff) | |
provide real barebones XSS protection on e2ee contents and implement a few bbcode tags we're likely to see a lot of. Still need to write a js zid() function to properly implement zrl and zmg but at least they will be linked now.
-rwxr-xr-x | view/tpl/jot-header.tpl | 67 |
1 files changed, 42 insertions, 25 deletions
diff --git a/view/tpl/jot-header.tpl b/view/tpl/jot-header.tpl
index 4457a6d52..eb7c5abdb 100755
--- a/view/tpl/jot-header.tpl
+++ b/view/tpl/jot-header.tpl
@@ -367,31 +367,48 @@ function enableOnUser(){
 y = y.replace(re,str);
 };
- rep(/\n/gi,"<br />");
- rep(/\[b\]/gi,"<strong>");
- rep(/\[\/b\]/gi,"</strong>");
- rep(/\[i\]/gi,"<em>");
- rep(/\[\/i\]/gi,"</em>");
- rep(/\[u\]/gi,"<u>");
- rep(/\[\/u\]/gi,"</u>");
- rep(/\[hr\]/gi,"<hr />");
- rep(/\[url=([^\]]+)\](.*?)\[\/url\]/gi,"<a href=\"$1\">$2</a>");
- rep(/\[url\](.*?)\[\/url\]/gi,"<a href=\"$1\">$1</a>");
- rep(/\[img=(.*?)x(.*?)\](.*?)\[\/img\]/gi,"<img width=\"$1\" height=\"$2\" src=\"$3\" />");
- rep(/\[img\](.*?)\[\/img\]/gi,"<img src=\"$1\" />");
-
- rep(/\[list\](.*?)\[\/list\]/gi, '<ul class="listbullet" style="list-style-type: circle;">$1</ul>');
- rep(/\[list=\](.*?)\[\/list\]/gi, '<ul class="listnone" style="list-style-type: none;">$1</ul>');
- rep(/\[list=1\](.*?)\[\/list\]/gi, '<ul class="listdecimal" style="list-style-type: decimal;">$1</ul>');
- rep(/\[list=i\](.*?)\[\/list\]/gi,'<ul class="listlowerroman" style="list-style-type: lower-roman;">$1</ul>');
- rep(/\[list=I\](.*?)\[\/list\]/gi, '<ul class="listupperroman" style="list-style-type: upper-roman;">$1</ul>');
- rep(/\[list=a\](.*?)\[\/list\]/gi, '<ul class="listloweralpha" style="list-style-type: lower-alpha;">$1</ul>');
- rep(/\[list=A\](.*?)\[\/list\]/gi, '<ul class="listupperalpha" style="list-style-type: upper-alpha;">$1</ul>');
- rep(/\[li\](.*?)\[\/li\]/gi, '<li>$1</li>');
- rep(/\[color=(.*?)\](.*?)\[\/color\]/gi,"<span style=\"color: $1;\">$2</span>");
- rep(/\[size=(.*?)\](.*?)\[\/size\]/gi,"<span style=\"font-size: $1;\">$2</span>");
- rep(/\[code\](.*?)\[\/code\]/gi,"<code>$1</code>");
- rep(/\[quote.*?\](.*?)\[\/quote\]/gi,"<blockquote>$1</blockquote>");
+ rep(/\&/gi,"&");
+ rep(/\</gi,"<");
+ rep(/\>/gi,">");
+ rep(/\"/gi,""");
+
+ rep(/\n/gi,"<br />");
+ rep(/\[b\]/gi,"<strong>");
+ rep(/\[\/b\]/gi,"</strong>");
+ rep(/\[i\]/gi,"<em>");
+ rep(/\[\/i\]/gi,"</em>");
+ rep(/\[u\]/gi,"<u>");
+ rep(/\[\/u\]/gi,"</u>");
+ rep(/\[hr\]/gi,"<hr />");
+ rep(/\[url=([^\]]+)\](.*?)\[\/url\]/gi,"<a href=\"$1\">$2</a>");
+ rep(/\[url\](.*?)\[\/url\]/gi,"<a href=\"$1\">$1</a>");
+ rep(/\[img=(.*?)x(.*?)\](.*?)\[\/img\]/gi,"<img width=\"$1\" height=\"$2\" src=\"$3\" />");
+ rep(/\[img\](.*?)\[\/img\]/gi,"<img src=\"$1\" />");
+
+ // FIXME - add zid
+ rep(/\[zrl=([^\]]+)\](.*?)\[\/zrl\]/gi,"<a href=\"$1\">$2</a>");
+ rep(/\[zrl\](.*?)\[\/zrl\]/gi,"<a href=\"$1\">$1</a>");
+ rep(/\[zmg=(.*?)x(.*?)\](.*?)\[\/zmg\]/gi,"<img width=\"$1\" height=\"$2\" src=\"$3\" />");
+ rep(/\[zmg\](.*?)\[\/zmg\]/gi,"<img src=\"$1\" />");
+
+ rep(/\[list\](.*?)\[\/list\]/gi, '<ul class="listbullet" style="list-style-type: circle;">$1</ul>');
+ rep(/\[list=\](.*?)\[\/list\]/gi, '<ul class="listnone" style="list-style-type: none;">$1</ul>');
+ rep(/\[list=1\](.*?)\[\/list\]/gi, '<ul class="listdecimal" style="list-style-type: decimal;">$1</ul>');
+ rep(/\[list=i\](.*?)\[\/list\]/gi,'<ul class="listlowerroman" style="list-style-type: lower-roman;">$1</ul>');
+ rep(/\[list=I\](.*?)\[\/list\]/gi, '<ul class="listupperroman" style="list-style-type: upper-roman;">$1</ul>');
+ rep(/\[list=a\](.*?)\[\/list\]/gi, '<ul class="listloweralpha" style="list-style-type: lower-alpha;">$1</ul>');
+ rep(/\[list=A\](.*?)\[\/list\]/gi, '<ul class="listupperalpha" style="list-style-type: upper-alpha;">$1</ul>');
+ rep(/\[li\](.*?)\[\/li\]/gi, '<li>$1</li>');
+ rep(/\[color=(.*?)\](.*?)\[\/color\]/gi,"<span style=\"color: $1;\">$2</span>");
+ rep(/\[size=(.*?)\](.*?)\[\/size\]/gi,"<span style=\"font-size: $1;\">$2</span>");
+ rep(/\[code\](.*?)\[\/code\]/gi,"<code>$1</code>");
+ rep(/\[quote.*?\](.*?)\[\/quote\]/gi,"<blockquote>$1</blockquote>");
+
+
+
+ rep(/\[\&\;([#a-z0-9]+)\;\]/gi,'&$1;');
+
+ rep(/\<(.*?)(src|href)=\"[^hfm](.*?)\>/gi,'<$1$2="">');
 return y;
 }; |
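Review bot: The final `rep(/\<(.*?)(src|href)=\"[^hfm](.*?)\>/gi, …)` allowlist tests only the first character of the URL, so any value beginning with h, f or m survives — `file:`, `mhtml:` or `ms-…:` handler schemes as well as the intended `http(s)`, `ftp` and `mailto` — and the unbounded `(.*?)` after `<` lets a single match span several tags. An anchored scheme check keeps the same one-line shape: `rep(/<([^>]*?)(src|href)="(?!https?:\/\/|ftp:\/\/|mailto:)[^"]*"/gi, '<$1$2=""');`. Separately, the `[color=…]` and `[size=…]` captures reach `style=` unfiltered; on browsers of the time that honoured `expression()`/`behavior:` that was script execution and it remains a way to load remote resources, so constraining them to something like `/^[#a-z0-9]+$/i` and `/^\d+(px|pt|em|%)$/` before emitting the span seems warranted. The four escaping calls print here as `rep(/\&/gi,"&")`, `rep(/\</gi,"<")` and so on, which would be no-ops as shown; presumably the committed file has `&amp;`, `&lt;`, `&gt;`, `&quot;` and the page's entity rendering collapsed them — worth confirming against the file. The function that owns this block starts above the hunk.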