twisterarmy/twister-html
1
0
Fork 0
mirror of https://github.com/twisterarmy/twister-html.git synced 2025-03-13 05:51:03 +00:00
Code Issues Projects Releases Wiki Activity

fix of post formatting: fix of injection filter

Browse Source
This commit is contained in:
Simon Grim 2015-07-19 05:10:12 +05:00
parent 4baadb1165
commit 107754752a
1 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
js/twister_formatpost.js
View File

@ -482,8 +482,8 @@ function htmlFormatMsg(msg, mentions) {
if (i < k) { if (i < k) {
var x = getSubStrEnd(msg.str, i, ':', false, '') + 1; var x = getSubStrEnd(msg.str, i, ':', false, '') + 1;
// following check is NOT for real protection (we have blocking CSP rule instead), it's just to aware people // following check is NOT for real protection (we have blocking CSP rule instead), it's just to aware people
if (x > i && x < k && (msg.str.slice(x - 6, x).toLowerCase() === 'script' // other things would be added when W3C and all the people invent it if (msg.str[i] === '#' || (x > i && x < k && (msg.str.slice(x - 6, x).toLowerCase() === 'script' // other things would be added when W3C and all the people invent it
|| msg.str.slice(x - 4, x).toLowerCase() === 'data')) { || msg.str.slice(x - 4, x).toLowerCase() === 'data'))) {
msg = msgAddHtmlEntity(msg, j - 1, getSubStrEnd(msg.str, k + 1, ')', true, '') + 2, msg = msgAddHtmlEntity(msg, j - 1, getSubStrEnd(msg.str, k + 1, ')', true, '') + 2,
'…<br><b><i>' + polyglot.t('busted_oh') + '</i> ' '…<br><b><i>' + polyglot.t('busted_oh') + '</i> '
+ polyglot.t('busted_avowal') + ':</b><br><samp>' + polyglot.t('busted_avowal') + ':</b><br><samp>'