mbk-lab
/
nextcloud
2
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Merge pull request #8187 from owncloud/escape-more-character 

Also encode > and '
This commit is contained in:
Morris Jobke 2014-06-02 10:59:47 +02:00
parent d39216c5e7 603b6c13b4
commit 27c8c87e94
2 changed files with 12 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
core/js/js.js
View File

@ -154,7 +154,7 @@ function n(app, text_singular, text_plural, count, vars) {
* @return {string} Sanitized string
*/
function escapeHTML(s) {
return s.toString().split('&').join('&amp;').split('<').join('&lt;').split('"').join('&quot;');
return s.toString().split('&').join('&amp;').split('<').join('&lt;').split('>').join('&gt;').split('"').join('&quot;').split('\'').join('&#039;');
}
/**

11
core/js/tests/specs/coreSpec.js
View File

@ -124,6 +124,17 @@ describe('Core base tests', function() {
expect(OC.dirname('/subdir/')).toEqual('/subdir');
});
});
describe('escapeHTML', function() {
it('Returns nothing if no string was given', function() {
expect(escapeHTML('')).toEqual('');
});
it('Returns a sanitized string if a string containing HTML is given', function() {
expect(escapeHTML('There needs to be a <script>alert(\"Unit\" + \'test\')</script> for it!')).toEqual('There needs to be a &lt;script&gt;alert(&quot;Unit&quot; + &#039;test&#039;)&lt;/script&gt; for it!');
});
it('Returns the string without modification if no potentially dangerous character is passed.', function() {
expect(escapeHTML('This is a good string without HTML.')).toEqual('This is a good string without HTML.');
});
});
describe('Link functions', function() {
var TESTAPP = 'testapp';
var TESTAPP_ROOT = OC.webroot + '/appsx/testapp';