diff options
| author | Olivier Paroz <github@oparoz.com> | 2015-09-08 03:28:13 +0300 |
|---|---|---|
| committer | Olivier Paroz <github@oparoz.com> | 2015-09-24 11:18:45 +0300 |
| commit | 957419d7f0c6eb7417d34ce1bd245505c1326651 (patch) | |
| tree | f143dbcc1125777eb56da48fdade7bee6b23f9a2 | |
| parent | 3bef2d74c452ed3b673f0ac6c61c5714525856aa (diff) | |
Sanitize gallery.cnf even more using DOMPurify
| -rw-r--r-- | js/bower.json | 6 | ||||
| -rw-r--r-- | js/galleryinfobox.js | 16 | ||||
| -rw-r--r-- | templates/part.content.php | 1 | ||||
| -rw-r--r-- | templates/public.php | 1 |
4 files changed, 14 insertions, 10 deletions
diff --git a/js/bower.json b/js/bower.json index 1f67648e..5e7e3193 100644 --- a/js/bower.json +++ b/js/bower.json @@ -2,7 +2,8 @@ "name": "gallery", "homepage": "https://github.com/owncloud/gallery", "authors": [ - "Olivier Paroz <owncloud@interfasys.ch>" + "Olivier Paroz <owncloud@interfasys.ch>", + "Robin Appelman <icewind@owncloud.com>" ], "description": "Media gallery for ownCloud which includes previews for all media types supported by your ownCloud installation.", "license": "AGPL", @@ -17,6 +18,7 @@ "dependencies": { "eventsource-polyfill": "~0.*", "marked": "~0.*", - "github-markdown-css": "~2.*" + "github-markdown-css": "~2.*", + "dompurify": "~0.6.5" } } diff --git a/js/galleryinfobox.js b/js/galleryinfobox.js index b4712237..cb192cfb 100644 --- a/js/galleryinfobox.js +++ b/js/galleryinfobox.js @@ -1,4 +1,4 @@ -/* global Gallery, marked */ +/* global Gallery, marked, DOMPurify */ (function ($, t, Gallery) { "use strict"; /** @@ -41,9 +41,9 @@ thisInfoBox._addContent(data); } ).fail(function () { - thisInfoBox._addContent(t('gallery', - 'Could not load the description')); - }); + thisInfoBox._addContent(t('gallery', + 'Could not load the description')); + }); } else { this._addContent(this.albumInfo.description); } @@ -63,10 +63,10 @@ */ _addContent: function (content) { try { - content = marked(content, { + content = DOMPurify.sanitize(marked(content, { gfm: false, sanitize: true - }); + })); } catch (exception) { content = t('gallery', 'Could not load the description: ' + exception.message); @@ -104,10 +104,10 @@ if (!$.isEmptyObject(this.albumInfo.copyright)) { try { - copyright = marked(this.albumInfo.copyright, { + copyright = DOMPurify.sanitize(marked(this.albumInfo.copyright, { gfm: false, sanitize: true - }); + })); } catch (exception) { copyright = t('gallery', diff --git a/templates/part.content.php b/templates/part.content.php index 7703712a..d3d8d70c 100644 --- a/templates/part.content.php +++ b/templates/part.content.php @@ -22,6 +22,7 @@ script( 'vendor/modified-eventsource-polyfill/eventsource-polyfill', 'eventsource', 'vendor/marked/marked.min', + 'vendor/dompurify/purify', 'vendor/bigshot/bigshot-compressed', 'slideshow', 'slideshowcontrols', diff --git a/templates/public.php b/templates/public.php index 57fb4ca9..8ebe6369 100644 --- a/templates/public.php +++ b/templates/public.php @@ -22,6 +22,7 @@ script( 'vendor/modified-eventsource-polyfill/eventsource-polyfill', 'eventsource', 'vendor/marked/marked.min', + 'vendor/dompurify/purify', 'vendor/bigshot/bigshot-compressed', 'slideshow', 'slideshowcontrols', |