- fixing escaping of script tag in referers (xss)

git-svn-id: http://dev.piwik.org/svn/trunk@697 59fd770c-687e-43c8-a1e3-f5a4ff64c105

1 files changed, 31 insertions, 2 deletions

diff --git a/libs/jquery/truncate/jquery.truncate.js b/libs/jquery/truncate/jquery.truncate.js
index 8285e687bf..21e0180352 100644
--- a/libs/jquery/truncate/jquery.truncate.js
+++ b/libs/jquery/truncate/jquery.truncate.js
@@ -1,3 +1,32 @@
 
-jQuery.fn.truncate=function(max){return this.each(function(){var trail='...';if(jQuery(this).children().length==0)
-{v=jQuery.trim(jQuery(this).text());while(max<v.length){c=v.charAt(max);newStringTruncated=v.substring(0,max)+trail;charToRemove='"';regExp=new RegExp("["+charToRemove+"]","g");vCleaned=v.replace(regExp,"'");html='<span class="truncated" title="'+vCleaned+'">'+newStringTruncated+'</span>';jQuery(this).html(html);break;max--;}}});};
\ No newline at end of file
+jQuery.fn.truncate = function(max) {
+ return this.each(
+ 	function() {
+ 		var trail='...';
+ 		if(jQuery(this).children().length==0) {
+ 			v=jQuery.trim(jQuery(this).text());
+ 			while(max<v.length) {
+ 				c=v.charAt(max);
+ 				newStringTruncated=v.substring(0,max)+trail;
+ 				charToRemove='"';
+ 				regExp=new RegExp("["+charToRemove+"]","g");
+ 				vCleaned = v
+ 							.replace(regExp,"&amp;quot;")
+ 							.replace(/</g, '&amp;lt;')
+ 							.replace(/>/g, '&amp;gt;');
+ 				newStringTruncated = newStringTruncated
+		 										.replace(regExp,"'")
+		 										.replace(/</g, '&lt;')
+		 										.replace(/>/g, '&gt;');
+ 				html='<span class="truncated" title="'+vCleaned+'">'+newStringTruncated+'</span>';
+ 				console.log(vCleaned);
+ 				console.log(newStringTruncated);
+ 				console.log(html);
+ 				jQuery(this).html(html);
+ 				break;
+ 				max--;
+ 			}
+ 		}
+ 	}
+ );
+};
\ No newline at end of file