author | binsky <timo@binsky.org> | 2021-03-14 20:22:20 +0300 |
---|---|---|
committer | binsky <timo@binsky.org> | 2021-03-14 20:22:20 +0300 |
commit | a361f31022dc26421d10ab853f1920359e14160d (patch) | |
tree | 1dc119a96e7417bb589f5cfdbe4cf75a0e8b84cc /js/app | |
parent | 7065a60686e1da0a51b9235e0d0750cf797d6d6e (diff) |
fix file download from credential view
Diffstat (limited to 'js/app')
-rw-r--r-- | js/app/controllers/public_shared_credential.js | 2 | ||||
-rw-r--r-- | js/app/directives/credentialtemplate.js | 4 | ||||
-rw-r--r-- | js/app/services/shareservice.js | 11 |
3 files changed, 13 insertions, 4 deletions
diff --git a/js/app/controllers/public_shared_credential.js b/js/app/controllers/public_shared_credential.js index 7f055002..8d78221b 100644 --- a/js/app/controllers/public_shared_credential.js +++ b/js/app/controllers/public_shared_credential.js @@ -58,7 +58,7 @@ return; } var file_data = EncryptService.decryptString(result.file_data, _key); - download(file_data, escapeHTML(file.filename), file.mimetype); + download(file_data, ShareService.escapeHTML(file.filename), file.mimetype); }); }; }]); diff --git a/js/app/directives/credentialtemplate.js b/js/app/directives/credentialtemplate.js index 8c4f7a76..34862847 100644 --- a/js/app/directives/credentialtemplate.js +++ b/js/app/directives/credentialtemplate.js @@ -49,7 +49,7 @@ } var file_data = EncryptService.decryptString(result.file_data, key); - download(file_data, escapeHTML(file.filename), file.mimetype); + download(file_data, ShareService.escapeHTML(file.filename), file.mimetype); }; @@ -65,4 +65,4 @@ } }; }]); -}());
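Review bot: `ShareService.escapeHTML(file.filename)` applies HTML entity encoding to a value that is used as a download filename, both in this hunk and in the matching call in js/app/directives/credentialtemplate.js. `download()` is not shown here, but if it sets the name through an anchor's `download` attribute or a Blob save, nothing parses the name as HTML, so a file called `a&b.txt` would be saved with a literal entity in its name while path separators and control characters pass through unchanged. Because the filename comes from a shared credential, a filename-specific cleanup fits better, for example `file.filename.replace(/[\\\/\x00-\x1f]/g, '_')`, with HTML escaping kept for places where the name is rendered into markup. The enclosing callback starts outside the hunk.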
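Review bot: Nothing in the credentialtemplate.js hunk shows `ShareService` being injected into the directive, and the diffstat counts only the `download(...)` line and the end-of-file newline as changed in that file, so its injection list was not touched by this commit. If the directive's dependency array and factory parameters do not already include `'ShareService'`, the new call throws a ReferenceError when the download is triggered, presumably the same kind of failure this commit fixes for the bare `escapeHTML` call. The same check applies to the controller in public_shared_credential.js; the injection lists of both files are outside the visible hunks.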
\ No newline at end of file +}()); diff --git a/js/app/services/shareservice.js b/js/app/services/shareservice.js index 195555cf..c2841cf6 100644 --- a/js/app/services/shareservice.js +++ b/js/app/services/shareservice.js @@ -310,7 +310,16 @@ setTimeout(workload.bind(this), 0); }); + }, + + /** + * Sanitizes a HTML string by replacing all potential dangerous characters with HTML entities + * @param {string} s String to sanitize + * @return {string} Sanitized string + */ + escapeHTML: function (s) { + return s.toString().split('&').join('&').split('<').join('<').split('>').join('>').split('"').join('"').split('\'').join('''); } }; }]); -}());
\ No newline at end of file +}()); |
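Review bot: `s.toString()` in `escapeHTML` throws a TypeError when `s` is `null` or `undefined`, so a file entry without a `filename` aborts the download handler before `download()` is reached; `var str = (s === null || s === undefined) ? '' : String(s);` ahead of the replacement chain avoids that. The doc comment also overstates the contract: the function entity-encodes five characters (`&`, `<`, `>`, `"`, `'`), which is adequate for HTML text and quoted attribute values only. I would say that in place of "Sanitizes a HTML string" and add that the result is not suitable for URLs, script contexts or filenames. The replacement strings appear entity-decoded in this rendering, so the exact output of each `join(...)` cannot be checked from the page.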