diff options
Diffstat (limited to 'js/app')
| -rw-r--r-- | js/app/controllers/public_shared_credential.js | 2 | ||||
| -rw-r--r-- | js/app/directives/credentialtemplate.js | 4 | ||||
| -rw-r--r-- | js/app/services/shareservice.js | 11 |
3 files changed, 13 insertions, 4 deletions
diff --git a/js/app/controllers/public_shared_credential.js b/js/app/controllers/public_shared_credential.js index 7f055002..8d78221b 100644 --- a/js/app/controllers/public_shared_credential.js +++ b/js/app/controllers/public_shared_credential.js @@ -58,7 +58,7 @@ return; } var file_data = EncryptService.decryptString(result.file_data, _key); - download(file_data, escapeHTML(file.filename), file.mimetype); + download(file_data, ShareService.escapeHTML(file.filename), file.mimetype); }); }; }]); diff --git a/js/app/directives/credentialtemplate.js b/js/app/directives/credentialtemplate.js index 8c4f7a76..34862847 100644 --- a/js/app/directives/credentialtemplate.js +++ b/js/app/directives/credentialtemplate.js @@ -49,7 +49,7 @@ } var file_data = EncryptService.decryptString(result.file_data, key); - download(file_data, escapeHTML(file.filename), file.mimetype); + download(file_data, ShareService.escapeHTML(file.filename), file.mimetype); }; @@ -65,4 +65,4 @@ } }; }]); -}());
\ No newline at end of file +}()); diff --git a/js/app/services/shareservice.js b/js/app/services/shareservice.js index 195555cf..c2841cf6 100644 --- a/js/app/services/shareservice.js +++ b/js/app/services/shareservice.js @@ -310,7 +310,16 @@ setTimeout(workload.bind(this), 0); }); + }, + + /** + * Sanitizes a HTML string by replacing all potential dangerous characters with HTML entities + * @param {string} s String to sanitize + * @return {string} Sanitized string + */ + escapeHTML: function (s) { + return s.toString().split('&').join('&').split('<').join('<').split('>').join('>').split('"').join('"').split('\'').join('''); } }; }]); -}());
\ No newline at end of file +}()); |