diff options
-rw-r--r-- | js/app/controllers/public_shared_credential.js | 4 | ||||
-rw-r--r-- | js/app/directives/credentialtemplate.js | 6 | ||||
-rw-r--r-- | js/app/filters/escapeHTML.js | 38 | ||||
-rw-r--r-- | js/app/services/shareservice.js | 9 | ||||
-rw-r--r-- | templates/main.php | 1 |
5 files changed, 44 insertions, 14 deletions
diff --git a/js/app/controllers/public_shared_credential.js b/js/app/controllers/public_shared_credential.js index 8d78221b..b03aadc5 100644 --- a/js/app/controllers/public_shared_credential.js +++ b/js/app/controllers/public_shared_credential.js @@ -31,7 +31,7 @@ * Controller of the passmanApp */ angular.module('passmanApp') - .controller('PublicSharedCredential', ['$scope', 'ShareService', '$window', 'EncryptService', 'NotificationService', '$translate', function ($scope, ShareService, $window, EncryptService, NotificationService, $translate) { + .controller('PublicSharedCredential', ['$scope', 'ShareService', '$window', 'EncryptService', 'NotificationService', '$translate', 'escapeHTMLFilter', function ($scope, ShareService, $window, EncryptService, NotificationService, $translate, escapeHTMLFilter) { var _key; $scope.loading = false; $scope.loadSharedCredential = function () { @@ -58,7 +58,7 @@ return; } var file_data = EncryptService.decryptString(result.file_data, _key); - download(file_data, ShareService.escapeHTML(file.filename), file.mimetype); + download(file_data, escapeHTMLFilter(file.filename), file.mimetype); }); }; }]); diff --git a/js/app/directives/credentialtemplate.js b/js/app/directives/credentialtemplate.js index 34862847..9b3e2d3e 100644 --- a/js/app/directives/credentialtemplate.js +++ b/js/app/directives/credentialtemplate.js @@ -29,8 +29,8 @@ * # passwordGen */ angular.module('passmanApp') - .directive('credentialTemplate', ['EncryptService', '$translate', 'FileService', 'ShareService', 'NotificationService', 'CredentialService', - function (EncryptService, $translate, FileService, ShareService, NotificationService, CredentialService) { + .directive('credentialTemplate', ['EncryptService', '$translate', 'FileService', 'ShareService', 'NotificationService', 'CredentialService', 'escapeHTMLFilter', + function (EncryptService, $translate, FileService, ShareService, NotificationService, CredentialService, escapeHTMLFilter) { return { templateUrl: 'views/partials/credential_template.html', replace: true, @@ -49,7 +49,7 @@ } var file_data = EncryptService.decryptString(result.file_data, key); - download(file_data, ShareService.escapeHTML(file.filename), file.mimetype); + download(file_data, escapeHTMLFilter(file.filename), file.mimetype); }; diff --git a/js/app/filters/escapeHTML.js b/js/app/filters/escapeHTML.js new file mode 100644 index 00000000..88916dd7 --- /dev/null +++ b/js/app/filters/escapeHTML.js @@ -0,0 +1,38 @@ +/** + * Nextcloud - passman + * + * @copyright Copyright (c) 2016, Sander Brand (brantje@gmail.com) + * @copyright Copyright (c) 2016, Marcos Zuriaga Miguel (wolfi@wolfi.es) + * @license GNU AGPL version 3 or any later version + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as + * published by the Free Software Foundation, either version 3 of the + * License, or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see <http://www.gnu.org/licenses/>. + * + */ + +(function () { + 'use strict'; + + /** + * @ngdoc filter + * @name passmanApp.filter:escapeHTML + * @function + * @description Sanitizes a HTML string by replacing all potential dangerous characters with HTML entities + */ + angular.module('passmanApp') + .filter('escapeHTML', function () { + return function (s) { + return s.toString().split('&').join('&').split('<').join('<').split('>').join('>').split('"').join('"').split('\'').join('''); + }; + }); +}()); diff --git a/js/app/services/shareservice.js b/js/app/services/shareservice.js index c2841cf6..ff4a149c 100644 --- a/js/app/services/shareservice.js +++ b/js/app/services/shareservice.js @@ -310,15 +310,6 @@ setTimeout(workload.bind(this), 0); }); - }, - - /** - * Sanitizes a HTML string by replacing all potential dangerous characters with HTML entities - * @param {string} s String to sanitize - * @return {string} Sanitized string - */ - escapeHTML: function (s) { - return s.toString().split('&').join('&').split('<').join('<').split('>').join('>').split('"').join('"').split('\'').join('''); } }; }]); diff --git a/templates/main.php b/templates/main.php index 4bc649a3..7300e4c1 100644 --- a/templates/main.php +++ b/templates/main.php @@ -51,6 +51,7 @@ script('passman', 'app/filters/range'); script('passman', 'app/filters/propsfilter'); script('passman', 'app/filters/byte'); script('passman', 'app/filters/tagfilter'); +script('passman', 'app/filters/escapeHTML'); script('passman', 'app/filters/as'); script('passman', 'app/filters/credentialsearch'); script('passman', 'app/filters/toHHMMSS'); |