From d9013f43110a6474a8e52b72492bc490d50b7972 Mon Sep 17 00:00:00 2001
From: friendica
Date: Mon, 11 Nov 2013 16:47:49 -0800
Subject: provide real barebones XSS protection on e2ee contents and implement a few bbcode tags we're likely to see a lot of. Still need to write a js zid() function to properly implement zrl and zmg but at least they will be linked now.
---
 view/tpl/jot-header.tpl | 67 +++++++++++++++++++++++++++++++------------------
 1 file changed, 42 insertions(+), 25 deletions(-)
(limited to 'view')
diff --git a/view/tpl/jot-header.tpl b/view/tpl/jot-header.tpl
index 4457a6d52..eb7c5abdb 100755
--- a/view/tpl/jot-header.tpl
+++ b/view/tpl/jot-header.tpl
@@ -367,31 +367,48 @@ function enableOnUser(){
 y = y.replace(re,str);
 };
- rep(/\n/gi,"
");
- rep(/\[b\]/gi,"");
- rep(/\[\/b\]/gi,"");
- rep(/\[i\]/gi,"");
- rep(/\[\/i\]/gi,"");
- rep(/\[u\]/gi,"");
- rep(/\[\/u\]/gi,"");
- rep(/\[hr\]/gi,"
");
- rep(/\[url=([^\]]+)\](.*?)\[\/url\]/gi,"$2");
- rep(/\[url\](.*?)\[\/url\]/gi,"$1");
- rep(/\[img=(.*?)x(.*?)\](.*?)\[\/img\]/gi,"");
- rep(/\[img\](.*?)\[\/img\]/gi,"");
-
- rep(/\[list\](.*?)\[\/list\]/gi, '');
- rep(/\[list=\](.*?)\[\/list\]/gi, '');
- rep(/\[list=1\](.*?)\[\/list\]/gi, '');
- rep(/\[list=i\](.*?)\[\/list\]/gi,'');
- rep(/\[list=I\](.*?)\[\/list\]/gi, '');
- rep(/\[list=a\](.*?)\[\/list\]/gi, '');
- rep(/\[list=A\](.*?)\[\/list\]/gi, '');
- rep(/\[li\](.*?)\[\/li\]/gi, '
  • $1
  • ');
- rep(/\[color=(.*?)\](.*?)\[\/color\]/gi,"$2");
- rep(/\[size=(.*?)\](.*?)\[\/size\]/gi,"$2");
- rep(/\[code\](.*?)\[\/code\]/gi,"$1");
- rep(/\[quote.*?\](.*?)\[\/quote\]/gi,"
    $1
    ");
+ rep(/\&/gi,"&");
+ rep(/\/gi,">");
+ rep(/\"/gi,""");
+
+ rep(/\n/gi,"
    ");
+ rep(/\[b\]/gi,"");
+ rep(/\[\/b\]/gi,"");
+ rep(/\[i\]/gi,"");
+ rep(/\[\/i\]/gi,"");
+ rep(/\[u\]/gi,"");
+ rep(/\[\/u\]/gi,"");
+ rep(/\[hr\]/gi,"
    ");
+ rep(/\[url=([^\]]+)\](.*?)\[\/url\]/gi,"$2");
+ rep(/\[url\](.*?)\[\/url\]/gi,"$1");
+ rep(/\[img=(.*?)x(.*?)\](.*?)\[\/img\]/gi,"");
+ rep(/\[img\](.*?)\[\/img\]/gi,"");
+
+ // FIXME - add zid
+ rep(/\[zrl=([^\]]+)\](.*?)\[\/zrl\]/gi,"$2");
+ rep(/\[zrl\](.*?)\[\/zrl\]/gi,"$1");
+ rep(/\[zmg=(.*?)x(.*?)\](.*?)\[\/zmg\]/gi,"");
+ rep(/\[zmg\](.*?)\[\/zmg\]/gi,"");
+
+ rep(/\[list\](.*?)\[\/list\]/gi, '');
+ rep(/\[list=\](.*?)\[\/list\]/gi, '');
+ rep(/\[list=1\](.*?)\[\/list\]/gi, '');
+ rep(/\[list=i\](.*?)\[\/list\]/gi,'');
+ rep(/\[list=I\](.*?)\[\/list\]/gi, '');
+ rep(/\[list=a\](.*?)\[\/list\]/gi, '');
+ rep(/\[list=A\](.*?)\[\/list\]/gi, '');
+ rep(/\[li\](.*?)\[\/li\]/gi, '
  • $1
  • ');
+ rep(/\[color=(.*?)\](.*?)\[\/color\]/gi,"$2");
+ rep(/\[size=(.*?)\](.*?)\[\/size\]/gi,"$2");
+ rep(/\[code\](.*?)\[\/code\]/gi,"$1");
+ rep(/\[quote.*?\](.*?)\[\/quote\]/gi,"
    $1
    ");
+
+
+
+ rep(/\[\&\;([#a-z0-9]+)\;\]/gi,'&$1;');
+
+ rep(/\<(.*?)(src|href)=\"[^hfm](.*?)\>/gi,'<$1$2="">');
 return y;
 };
-- 
cgit v1.2.3
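Review bot: The attribute filter added as the last rule of the hunk, `rep(/\<(.*?)(src|href)=\"[^hfm](.*?)\>/gi,'<$1$2="">')`, decides by the first character of the URL rather than by its scheme, so any value starting with h, f or m is kept whatever scheme follows, while everything else (relative paths included) is blanked. Because `[url]`, `[img]`, `[zrl]` and `[zmg]` are the only rules that emit `href`/`src`, an explicit scheme allowlist costs nothing extra and is easier to reason about: `rep(/\<(.*?)(src|href)=\"(?!(?:https?|ftp|mailto):)(.*?)\>/gi,'<$1$2="">');`. The `(.*?)\>` tail also drops every attribute that follows the rejected one up to the closing `>` (for example the `width`/`height` produced by `[img=WxH]`), which is acceptable for a reject but deserves a comment such as `// blank href/src whose value is not an allowlisted scheme; discards the rest of that tag's attributes`. This rendering has lost the HTML in the replacement strings and seemingly one of the escaping lines, so the escape-then-rewrite ordering could not be fully checked here; the enclosing function begins outside the hunk.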