Browse Source

fix of post formatting: fix of injection filter

master
Simon Grim 9 years ago
parent
commit
107754752a
  1. 4
      js/twister_formatpost.js

4
js/twister_formatpost.js

@ -482,8 +482,8 @@ function htmlFormatMsg(msg, mentions) { @@ -482,8 +482,8 @@ function htmlFormatMsg(msg, mentions) {
if (i < k) {
var x = getSubStrEnd(msg.str, i, ':', false, '') + 1;
// following check is NOT for real protection (we have blocking CSP rule instead), it's just to aware people
if (x > i && x < k && (msg.str.slice(x - 6, x).toLowerCase() === 'script' // other things would be added when W3C and all the people invent it
|| msg.str.slice(x - 4, x).toLowerCase() === 'data')) {
if (msg.str[i] === '#' || (x > i && x < k && (msg.str.slice(x - 6, x).toLowerCase() === 'script' // other things would be added when W3C and all the people invent it
|| msg.str.slice(x - 4, x).toLowerCase() === 'data'))) {
msg = msgAddHtmlEntity(msg, j - 1, getSubStrEnd(msg.str, k + 1, ')', true, '') + 2,
'…<br><b><i>' + polyglot.t('busted_oh') + '</i> '
+ polyglot.t('busted_avowal') + ':</b><br><samp>'

Loading…
Cancel
Save