From a361f31022dc26421d10ab853f1920359e14160d Mon Sep 17 00:00:00 2001
From: binsky
Date: Sun, 14 Mar 2021 18:22:20 +0100
Subject: fix file download from credential view
---
 js/app/controllers/public_shared_credential.js | 2 +-
 js/app/directives/credentialtemplate.js | 4 ++--
 js/app/services/shareservice.js | 11 ++++++++++-
 3 files changed, 13 insertions(+), 4 deletions(-)
(limited to 'js/app')
diff --git a/js/app/controllers/public_shared_credential.js b/js/app/controllers/public_shared_credential.js
index 7f055002..8d78221b 100644
--- a/js/app/controllers/public_shared_credential.js
+++ b/js/app/controllers/public_shared_credential.js
@@ -58,7 +58,7 @@
 return;
 }
 var file_data = EncryptService.decryptString(result.file_data, _key);
- download(file_data, escapeHTML(file.filename), file.mimetype);
+ download(file_data, ShareService.escapeHTML(file.filename), file.mimetype);
 });
 };
 }]);
diff --git a/js/app/directives/credentialtemplate.js b/js/app/directives/credentialtemplate.js
index 8c4f7a76..34862847 100644
--- a/js/app/directives/credentialtemplate.js
+++ b/js/app/directives/credentialtemplate.js
@@ -49,7 +49,7 @@
 }
 var file_data = EncryptService.decryptString(result.file_data, key);
- download(file_data, escapeHTML(file.filename), file.mimetype);
+ download(file_data, ShareService.escapeHTML(file.filename), file.mimetype);
 };
@@ -65,4 +65,4 @@
 }
 };
 }]);
-}());
\ No newline at end of file
+}());
diff --git a/js/app/services/shareservice.js b/js/app/services/shareservice.js
index 195555cf..c2841cf6 100644
--- a/js/app/services/shareservice.js
+++ b/js/app/services/shareservice.js
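Review bot: HTML entity encoding is the wrong transform for the file-name argument of `download(...)` on the changed line, and the same call is repeated in the credentialtemplate.js hunk at -49. On a public share the name and `file.mimetype` are presumably supplied by whoever shared the credential, so they should be treated as untrusted. A file-name sink needs path separators and control characters stripped, whereas entity encoding would, assuming `download` sets the name as a property rather than parsing markup, only turn `a&b.txt` into a literally mis-named file. `file.mimetype` is passed through unchecked as well; consider falling back to `application/octet-stream` for anything outside an allow-list of types. The enclosing callback starts outside the hunk.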
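Review bot: `ShareService` has to be in this directive's dependency-injection list for the new `ShareService.escapeHTML(file.filename)` call to resolve, and that list is outside the hunk at -49. If the name is missing from either the annotation array or the factory function's parameters, the download handler throws a ReferenceError at the same spot where the old global `escapeHTML` presumably failed. The same check applies to the controller in public_shared_credential.js, whose injection list is also not visible here.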
@@ -310,7 +310,16 @@
 setTimeout(workload.bind(this), 0);
 });
+ },
+
+ /**
+ * Sanitizes a HTML string by replacing all potential dangerous characters with HTML entities
+ * @param {string} s String to sanitize
+ * @return {string} Sanitized string
+ */
+ escapeHTML: function (s) {
+ return s.toString().split('&').join('&').split('<').join('<').split('>').join('>').split('"').join('"').split('\'').join(''');
 }
 };
 }]);
-}());
\ No newline at end of file
+}());
--
cgit v1.2.3
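Review bot: `s.toString()` in the new `escapeHTML` throws a TypeError when `s` is `null` or `undefined`, which a file entry without a `filename` would trigger inside both download handlers; starting the chain with `String(s == null ? '' : s)` avoids that. The doc comment calls this sanitizing "a HTML string", but the function entity-encodes plain text, so I would reword it to `Encodes &, <, >, " and ' as HTML entities; the result is safe only in HTML text and quoted attribute values, not in URLs or script.` The replacement strings on the return line appear entity-decoded by the page rendering, so their exact values cannot be verified from this view.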