ag-admin/OpenSlides
0
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Merge pull request #3040 from CatoTH/Issue3024-Escaping-of-HTML-elements

Browse Source 
Bugfix for #3024 - escaping HTML tags
This commit is contained in:
Norman Jäckel 2017-03-05 20:19:24 +01:00 committed by GitHub
commit a33d504c6b
2 changed files with 8 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
openslides/motions/static/js/motions/diff.js
View File

@ -172,7 +172,7 @@ angular.module('OpenSlidesApp.motions.diff', ['OpenSlidesApp.motions.lineNumberi
this._serializeDom = function(node, stripLineNumbers) { this._serializeDom = function(node, stripLineNumbers) {
if (node.nodeType == TEXT_NODE) { if (node.nodeType == TEXT_NODE) {
return node.nodeValue; return node.nodeValue.replace(/</g, "&lt;").replace(/>/g, "&gt;");
} }
if (stripLineNumbers && ( if (stripLineNumbers && (
lineNumberingService._isOsLineNumberNode(node) || lineNumberingService._isOsLineBreakNode(node))) { lineNumberingService._isOsLineNumberNode(node) || lineNumberingService._isOsLineBreakNode(node))) {
@ -193,7 +193,7 @@ angular.module('OpenSlidesApp.motions.diff', ['OpenSlidesApp.motions.lineNumberi
var html = this._serializeTag(node); var html = this._serializeTag(node);
for (var i = 0; i < node.childNodes.length; i++) { for (var i = 0; i < node.childNodes.length; i++) {
if (node.childNodes[i].nodeType == TEXT_NODE) { if (node.childNodes[i].nodeType == TEXT_NODE) {
html += node.childNodes[i].nodeValue; html += node.childNodes[i].nodeValue.replace(/</g, "&lt;").replace(/>/g, "&gt;");
} else if (!stripLineNumbers || (!lineNumberingService._isOsLineNumberNode(node.childNodes[i]) && !lineNumberingService._isOsLineBreakNode(node.childNodes[i]))) { } else if (!stripLineNumbers || (!lineNumberingService._isOsLineNumberNode(node.childNodes[i]) && !lineNumberingService._isOsLineBreakNode(node.childNodes[i]))) {
html += this._serializeDom(node.childNodes[i], stripLineNumbers); html += this._serializeDom(node.childNodes[i], stripLineNumbers);
} }

6
tests/karma/motions/diff.service.test.js
View File

@ -188,6 +188,12 @@ describe('linenumbering', function () {
expect(diff.outerContextStart).toBe('<OL start="3">'); expect(diff.outerContextStart).toBe('<OL start="3">');
expect(diff.outerContextEnd).toBe('</OL>'); expect(diff.outerContextEnd).toBe('</OL>');
}); });
it('escapes text resembling HTML-Tags', function () {
var inHtml = '<h2>' + noMarkup(1) + 'Looks like a &lt;p&gt; tag &lt;/p&gt;</h2><p>' + noMarkup(2) + 'Another line</p>';
var diff = diffService.extractRangeByLineNumbers(inHtml, 1, 2, true);
expect(diff.html).toBe('<H2>Looks like a &lt;p&gt; tag &lt;/p&gt;</H2>');
});
}); });
describe('merging two sections', function () { describe('merging two sections', function () {