diff options
author | cel <cel@f/6sQ6d2CMxRUhLpspgGIulDxDCwYD7DzFzPNr7u5AU=.ed25519> | 2018-04-23 15:59:42 -1000 |
---|---|---|
committer | cel <cel@f/6sQ6d2CMxRUhLpspgGIulDxDCwYD7DzFzPNr7u5AU=.ed25519> | 2018-04-23 20:57:26 -1000 |
commit | a448b261d6bffa420d1f0c4d57ebe852146001bf (patch) | |
tree | 8631f13ee17b8ddf8dbead146bb47e0f6d73605f | |
parent | be330fa3f2c5d90bbdcb9fd1ba45c550fac244a1 (diff) | |
download | patchfoo-a448b261d6bffa420d1f0c4d57ebe852146001bf.tar.gz patchfoo-a448b261d6bffa420d1f0c4d57ebe852146001bf.zip |
Fix double-html-escaped href
-rw-r--r-- | lib/render-msg.js | 14 | ||||
-rw-r--r-- | lib/render.js | 8 | ||||
-rw-r--r-- | lib/util.js | 4 |
3 files changed, 15 insertions, 11 deletions
diff --git a/lib/render-msg.js b/lib/render-msg.js index 4db7429..68c8147 100644 --- a/lib/render-msg.js +++ b/lib/render-msg.js @@ -36,10 +36,6 @@ RenderMsg.prototype.linkify = function (text) { return this.render.linkify(text) } -function token() { - return '__' + Math.random().toString(36).substr(2) + '__' -} - RenderMsg.prototype.raw = function (cb) { // linkify various things in the JSON. TODO: abstract this better @@ -52,7 +48,7 @@ RenderMsg.prototype.raw = function (cb) { // link to feed starting from this message if (m.value.sequence) { - var tok = token() + var tok = u.token() tokens[tok] = h('a', {href: this.toUrl(m.value.author + '?gt=' + (m.value.sequence-1))}, m.value.sequence) @@ -64,13 +60,13 @@ RenderMsg.prototype.raw = function (cb) { for (k in this.c) c[k] = this.c[k] // link to messages of same type - tok = token() + tok = u.token() tokens[tok] = h('a', {href: this.toUrl('/type/' + c.type)}, c.type) c.type = tok // link to channel if (c.channel) { - tok = token() + tok = u.token() tokens[tok] = h('a', {href: this.toUrl('#' + c.channel)}, c.channel) c.channel = tok } @@ -79,7 +75,7 @@ RenderMsg.prototype.raw = function (cb) { // TODO: recurse for (var k in c) { if (!c[k] || c[k][0] !== '#') continue - tok = token() + tok = u.token() tokens[tok] = h('a', {href: this.toUrl(c[k])}, c[k]) c[k] = tok } @@ -1501,7 +1497,7 @@ RenderMsg.prototype.imageMap = function (cb) { var self = this var imgLink = u.toLink(self.c.image) var imgRef = imgLink && imgLink.link - var mapName = 'map' + token() + var mapName = 'map' + u.token() self.wrap(h('div', [ h('map', {name: mapName}, u.toArray(self.c.areas).map(function (areaLink) { diff --git a/lib/render.js b/lib/render.js index bf61a43..7593e41 100644 --- a/lib/render.js +++ b/lib/render.js @@ -40,15 +40,19 @@ MdRenderer.prototype.link = function (ref, title, text) { var myName = this.render.app.getNameSync(ref) if (myName) title = title ? title + ' (' + myName + ')' : myName } + var hrefToken = href !== false ? u.token() : undefined var a = h('a', { class: href === false ? 'bad' : undefined, - href: href !== false ? href : undefined, + href: href !== false ? hrefToken : undefined, title: title || undefined, download: name ? encodeURIComponent(name) : undefined }) // text is already html-escaped a.innerHTML = text - return a.outerHTML + var html = a.outerHTML + // href is already html-escaped + if (hrefToken) html = html.replace(hrefToken, href) + return html } MdRenderer.prototype.mention = function (preceding, id) { diff --git a/lib/util.js b/lib/util.js index 15eb295..b80ea04 100644 --- a/lib/util.js +++ b/lib/util.js @@ -222,3 +222,7 @@ u.unescapeId = function (str) { u.rows = function (str) { return String(str).split(/[^\n]{150}|\n/).length } + +u.token = function () { + return '__' + Math.random().toString(36).substr(2) + '__' +} |