
Merge pull request #130 from JN-Jones/fix-127-username-xss
#127 Username XSS
euantorano committed May 19, 2015
2 parents fd78ffc + 64c08b5 commit 3d0da84
Showing 6 changed files with 102 additions and 8 deletions.
51 changes: 49 additions & 2 deletions public/assets/js/main.js
Expand Up @@ -708,7 +708,7 @@
$('html').addClass('js');

$(function () {

$('.nojs').hide();

if(Modernizr.touch)
Expand All @@ -717,7 +717,6 @@ $(function () {

});
}

else
{
$('span.icons i, a, .caption, time').powerTip({ placement: 's', smartPlacement: true });
Expand Down Expand Up @@ -838,6 +837,54 @@ $(function () {
});*/
});

// Overwrite the powertip helper function - it's nearly the same
function getTooltipContent(element) {
var tipText = element.data(DATA_POWERTIP),
tipObject = element.data(DATA_POWERTIPJQ),
tipTarget = element.data(DATA_POWERTIPTARGET),
targetElement,
content;

if (tipText) {
if ($.isFunction(tipText)) {
tipText = tipText.call(element[0]);
}
content = tipText;
} else if (tipObject) {
if ($.isFunction(tipObject)) {
tipObject = tipObject.call(element[0]);
}
if (tipObject.length > 0) {
content = tipObject.clone(true, true);
}
} else if (tipTarget) {
targetElement = $('#' + tipTarget);
if (targetElement.length > 0) {
content = targetElement.html();
}
}

// Except we're escaping html
return escapeHTML(content);
}

// Source: http://stackoverflow.com/questions/24816/escaping-html-strings-with-jquery

var entityMap = {
"&": "&",
"<": "&lt;",
">": "&gt;",
'"': '&quot;',
"'": '&#39;',
"/": '&#x2F;'
};

function escapeHTML(string) {
return String(string).replace(/[&<>"'\/]/g, function (s) {
return entityMap[s];
});
}

function submitFormAsGet(id, newRoute) {
var form = $('#' + id);
form.find("input[name=_token]").val('');
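Review bot: `return escapeHTML(content);` at the end of the new getTooltipContent escapes every branch, but only the `data-powertip` text branch holds a plain string: the `tipObject` branch yields a cloned jQuery object, which `String()` renders as `"[object Object]"`, the `tipTarget` branch yields `targetElement.html()`, which is markup by design, and when no data attribute is set `content` is undefined, so the function now returns the string `"undefined"` instead of a falsy value. Escaping belongs where the untrusted text is read, `content = escapeHTML(tipText);` in the first branch, with the final line back to `return content;`. The entityMap in this file also maps `"&"` to itself while the copy in public/js/other.js maps it to `&amp;`; unless that is a rendering artifact of this page, `"&": "&amp;",` is the intended entry, otherwise `&` passes through unescaped and a name such as `&lt;b&gt;` is rendered as markup text rather than shown verbatim. Whether a top-level function named getTooltipContent, and the `DATA_POWERTIP*` constants it reads, actually replace the library's internal helper depends on how powertip is bundled, which this diff does not show. The same block is added to public/js/other.js in this commit.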
2 changes: 1 addition & 1 deletion public/assets/js/main.js.min.map


2 changes: 1 addition & 1 deletion public/assets/js/main.min.js


51 changes: 49 additions & 2 deletions public/js/other.js
@@ -1,7 +1,7 @@
$('html').addClass('js');

$(function () {

$('.nojs').hide();

if(Modernizr.touch)
Expand All @@ -10,7 +10,6 @@ $(function () {

});
}

else
{
$('span.icons i, a, .caption, time').powerTip({ placement: 's', smartPlacement: true });
Expand Down Expand Up @@ -131,6 +130,54 @@ $(function () {
});*/
});

// Overwrite the powertip helper function - it's nearly the same
function getTooltipContent(element) {
var tipText = element.data(DATA_POWERTIP),
tipObject = element.data(DATA_POWERTIPJQ),
tipTarget = element.data(DATA_POWERTIPTARGET),
targetElement,
content;

if (tipText) {
if ($.isFunction(tipText)) {
tipText = tipText.call(element[0]);
}
content = tipText;
} else if (tipObject) {
if ($.isFunction(tipObject)) {
tipObject = tipObject.call(element[0]);
}
if (tipObject.length > 0) {
content = tipObject.clone(true, true);
}
} else if (tipTarget) {
targetElement = $('#' + tipTarget);
if (targetElement.length > 0) {
content = targetElement.html();
}
}

// Except we're escaping html
return escapeHTML(content);
}

// Source: http://stackoverflow.com/questions/24816/escaping-html-strings-with-jquery

var entityMap = {
"&": "&amp;",
"<": "&lt;",
">": "&gt;",
'"': '&quot;',
"'": '&#39;',
"/": '&#x2F;'
};

function escapeHTML(string) {
return String(string).replace(/[&<>"'\/]/g, function (s) {
return entityMap[s];
});
}

function submitFormAsGet(id, newRoute) {
var form = $('#' + id);
form.find("input[name=_token]").val('');
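Review bot: getTooltipContent, entityMap and escapeHTML here are a verbatim copy of the block added to public/assets/js/main.js in the same commit, and the two copies already differ in the `"&"` entry of entityMap. Keeping a single copy in one shared file, or producing one file from the other in the build step, would stop the two from drifting further; if both must exist, a comment such as `// Keep in sync with public/assets/js/main.js` on each copy at least names the dependency.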
2 changes: 1 addition & 1 deletion resources/lang/en/topic.php
Expand Up @@ -29,7 +29,7 @@
'restore' => 'Restore',
'softDeleted' => 'Soft Deleted',
'goToXProfile' => "Go to :name's profile",
'XAvarar' => ":name's avatar",
'XAvatar' => ":name's avatar",
'like' => 'Like',
'unlike' => 'Unlike',
'quote' => 'Quote',
2 changes: 1 addition & 1 deletion resources/views/topic/show.twig
Expand Up @@ -29,7 +29,7 @@
<div class="post{{ (post.trashed or (topic.trashed and loop.first)) ? ' soft-deleted' }}" id="post-{{ post.id }}" data-postid="{{ post.id }}" data-type="post">
<div class="post__meta">

<a href="{{ url_route('user.profile', [post.author.id, post.author.name]) }}" class="avatar-profile-link" title="{{ trans('topic.goToXProfile', { 'name':post.author.name}) }}"><img src="{{ post.author.avatar }}" class="avatar" alt="{{ trans('topic.XAvatar', { 'name':post.author.name}) }}" /></a>
<a href="{{ url_route('user.profile', [post.author.name, post.author.id]) }}" class="avatar-profile-link" title="{{ trans('topic.goToXProfile', {'name': post.author.name}) }}"><img src="{{ post.author.avatar }}" class="avatar" alt="{{ trans('topic.XAvatar', {'name': post.author.name}) }}" /></a>
<h3 class="post__author">{{ render_profile_link(post.author) }}</h3>
{{ post_date_link(url_route('topics.showPost', [topic.slug, topic.id, post.id]), post.created_at) }}
{% if post.trashed or (topic.trashed and loop.first) %}
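Review bot: The new line reverses the argument order of `url_route('user.profile', [...])` from `[post.author.id, post.author.name]` to `[post.author.name, post.author.id]`, which is unrelated to the username escaping this commit is about and changes the generated profile URL for every post; the route definition is not in this hunk, so confirm it takes name then id, or the link breaks. The `title` and `alt` attributes still interpolate `post.author.name` through `{{ }}`, which only neutralises markup if Twig autoescaping is enabled for this template, and that setting is not visible here either.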
