aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorfriendica <info@friendica.com>2013-11-11 16:47:49 -0800
committerfriendica <info@friendica.com>2013-11-11 16:47:49 -0800
commitd9013f43110a6474a8e52b72492bc490d50b7972 (patch)
treeaf65415dc359bc47ccfe7fa71e12e38d104ab1fd
parent4a3191cd1909dbfde861a113ba121e94b577a4cd (diff)
downloadvolse-hubzilla-d9013f43110a6474a8e52b72492bc490d50b7972.tar.gz
volse-hubzilla-d9013f43110a6474a8e52b72492bc490d50b7972.tar.bz2
volse-hubzilla-d9013f43110a6474a8e52b72492bc490d50b7972.zip
provide real barebones XSS protection on e2ee contents and implement a few bbcode tags we're likely to see a lot of. Still need to write a js zid() function to properly implement zrl and zmg but at least they will be linked now.
-rwxr-xr-xview/tpl/jot-header.tpl67
1 files changed, 42 insertions, 25 deletions
diff --git a/view/tpl/jot-header.tpl b/view/tpl/jot-header.tpl
index 4457a6d52..eb7c5abdb 100755
--- a/view/tpl/jot-header.tpl
+++ b/view/tpl/jot-header.tpl
@@ -367,31 +367,48 @@ function enableOnUser(){
y = y.replace(re,str);
};
- rep(/\n/gi,"<br />");
- rep(/\[b\]/gi,"<strong>");
- rep(/\[\/b\]/gi,"</strong>");
- rep(/\[i\]/gi,"<em>");
- rep(/\[\/i\]/gi,"</em>");
- rep(/\[u\]/gi,"<u>");
- rep(/\[\/u\]/gi,"</u>");
- rep(/\[hr\]/gi,"<hr />");
- rep(/\[url=([^\]]+)\](.*?)\[\/url\]/gi,"<a href=\"$1\">$2</a>");
- rep(/\[url\](.*?)\[\/url\]/gi,"<a href=\"$1\">$1</a>");
- rep(/\[img=(.*?)x(.*?)\](.*?)\[\/img\]/gi,"<img width=\"$1\" height=\"$2\" src=\"$3\" />");
- rep(/\[img\](.*?)\[\/img\]/gi,"<img src=\"$1\" />");
-
- rep(/\[list\](.*?)\[\/list\]/gi, '<ul class="listbullet" style="list-style-type: circle;">$1</ul>');
- rep(/\[list=\](.*?)\[\/list\]/gi, '<ul class="listnone" style="list-style-type: none;">$1</ul>');
- rep(/\[list=1\](.*?)\[\/list\]/gi, '<ul class="listdecimal" style="list-style-type: decimal;">$1</ul>');
- rep(/\[list=i\](.*?)\[\/list\]/gi,'<ul class="listlowerroman" style="list-style-type: lower-roman;">$1</ul>');
- rep(/\[list=I\](.*?)\[\/list\]/gi, '<ul class="listupperroman" style="list-style-type: upper-roman;">$1</ul>');
- rep(/\[list=a\](.*?)\[\/list\]/gi, '<ul class="listloweralpha" style="list-style-type: lower-alpha;">$1</ul>');
- rep(/\[list=A\](.*?)\[\/list\]/gi, '<ul class="listupperalpha" style="list-style-type: upper-alpha;">$1</ul>');
- rep(/\[li\](.*?)\[\/li\]/gi, '<li>$1</li>');
- rep(/\[color=(.*?)\](.*?)\[\/color\]/gi,"<span style=\"color: $1;\">$2</span>");
- rep(/\[size=(.*?)\](.*?)\[\/size\]/gi,"<span style=\"font-size: $1;\">$2</span>");
- rep(/\[code\](.*?)\[\/code\]/gi,"<code>$1</code>");
- rep(/\[quote.*?\](.*?)\[\/quote\]/gi,"<blockquote>$1</blockquote>");
+ rep(/\&/gi,"&amp;");
+ rep(/\</gi,"&lt;");
+ rep(/\>/gi,"&gt;");
+ rep(/\"/gi,"&quot;");
+
+ rep(/\n/gi,"<br />");
+ rep(/\[b\]/gi,"<strong>");
+ rep(/\[\/b\]/gi,"</strong>");
+ rep(/\[i\]/gi,"<em>");
+ rep(/\[\/i\]/gi,"</em>");
+ rep(/\[u\]/gi,"<u>");
+ rep(/\[\/u\]/gi,"</u>");
+ rep(/\[hr\]/gi,"<hr />");
+ rep(/\[url=([^\]]+)\](.*?)\[\/url\]/gi,"<a href=\"$1\">$2</a>");
+ rep(/\[url\](.*?)\[\/url\]/gi,"<a href=\"$1\">$1</a>");
+ rep(/\[img=(.*?)x(.*?)\](.*?)\[\/img\]/gi,"<img width=\"$1\" height=\"$2\" src=\"$3\" />");
+ rep(/\[img\](.*?)\[\/img\]/gi,"<img src=\"$1\" />");
+
+ // FIXME - add zid
+ rep(/\[zrl=([^\]]+)\](.*?)\[\/zrl\]/gi,"<a href=\"$1\">$2</a>");
+ rep(/\[zrl\](.*?)\[\/zrl\]/gi,"<a href=\"$1\">$1</a>");
+ rep(/\[zmg=(.*?)x(.*?)\](.*?)\[\/zmg\]/gi,"<img width=\"$1\" height=\"$2\" src=\"$3\" />");
+ rep(/\[zmg\](.*?)\[\/zmg\]/gi,"<img src=\"$1\" />");
+
+ rep(/\[list\](.*?)\[\/list\]/gi, '<ul class="listbullet" style="list-style-type: circle;">$1</ul>');
+ rep(/\[list=\](.*?)\[\/list\]/gi, '<ul class="listnone" style="list-style-type: none;">$1</ul>');
+ rep(/\[list=1\](.*?)\[\/list\]/gi, '<ul class="listdecimal" style="list-style-type: decimal;">$1</ul>');
+ rep(/\[list=i\](.*?)\[\/list\]/gi,'<ul class="listlowerroman" style="list-style-type: lower-roman;">$1</ul>');
+ rep(/\[list=I\](.*?)\[\/list\]/gi, '<ul class="listupperroman" style="list-style-type: upper-roman;">$1</ul>');
+ rep(/\[list=a\](.*?)\[\/list\]/gi, '<ul class="listloweralpha" style="list-style-type: lower-alpha;">$1</ul>');
+ rep(/\[list=A\](.*?)\[\/list\]/gi, '<ul class="listupperalpha" style="list-style-type: upper-alpha;">$1</ul>');
+ rep(/\[li\](.*?)\[\/li\]/gi, '<li>$1</li>');
+ rep(/\[color=(.*?)\](.*?)\[\/color\]/gi,"<span style=\"color: $1;\">$2</span>");
+ rep(/\[size=(.*?)\](.*?)\[\/size\]/gi,"<span style=\"font-size: $1;\">$2</span>");
+ rep(/\[code\](.*?)\[\/code\]/gi,"<code>$1</code>");
+ rep(/\[quote.*?\](.*?)\[\/quote\]/gi,"<blockquote>$1</blockquote>");
+
+
+
+ rep(/\[\&amp\;([#a-z0-9]+)\;\]/gi,'&$1;');
+
+ rep(/\<(.*?)(src|href)=\"[^hfm](.*?)\>/gi,'<$1$2="">');
return y;
};