From c80ebf34492aae655758c6ef51e944a7cf430fe2 Mon Sep 17 00:00:00 2001 From: binsky Date: Mon, 22 Mar 2021 18:29:52 +0100 Subject: add angular based own escapeHTML filter --- js/app/controllers/public_shared_credential.js | 4 +-- js/app/directives/credentialtemplate.js | 6 ++-- js/app/filters/escapeHTML.js | 38 ++++++++++++++++++++++++++ js/app/services/shareservice.js | 9 ------ 4 files changed, 43 insertions(+), 14 deletions(-) create mode 100644 js/app/filters/escapeHTML.js (limited to 'js/app') diff --git a/js/app/controllers/public_shared_credential.js b/js/app/controllers/public_shared_credential.js index 8d78221b..b03aadc5 100644 --- a/js/app/controllers/public_shared_credential.js +++ b/js/app/controllers/public_shared_credential.js @@ -31,7 +31,7 @@ * Controller of the passmanApp */ angular.module('passmanApp') - .controller('PublicSharedCredential', ['$scope', 'ShareService', '$window', 'EncryptService', 'NotificationService', '$translate', function ($scope, ShareService, $window, EncryptService, NotificationService, $translate) { + .controller('PublicSharedCredential', ['$scope', 'ShareService', '$window', 'EncryptService', 'NotificationService', '$translate', 'escapeHTMLFilter', function ($scope, ShareService, $window, EncryptService, NotificationService, $translate, escapeHTMLFilter) { var _key; $scope.loading = false; $scope.loadSharedCredential = function () { @@ -58,7 +58,7 @@ return; } var file_data = EncryptService.decryptString(result.file_data, _key); - download(file_data, ShareService.escapeHTML(file.filename), file.mimetype); + download(file_data, escapeHTMLFilter(file.filename), file.mimetype); }); }; }]); diff --git a/js/app/directives/credentialtemplate.js b/js/app/directives/credentialtemplate.js index 34862847..9b3e2d3e 100644 --- a/js/app/directives/credentialtemplate.js +++ b/js/app/directives/credentialtemplate.js @@ -29,8 +29,8 @@ * # passwordGen */ angular.module('passmanApp') - .directive('credentialTemplate', ['EncryptService', '$translate', 'FileService', 'ShareService', 'NotificationService', 'CredentialService', - function (EncryptService, $translate, FileService, ShareService, NotificationService, CredentialService) { + .directive('credentialTemplate', ['EncryptService', '$translate', 'FileService', 'ShareService', 'NotificationService', 'CredentialService', 'escapeHTMLFilter', + function (EncryptService, $translate, FileService, ShareService, NotificationService, CredentialService, escapeHTMLFilter) { return { templateUrl: 'views/partials/credential_template.html', replace: true, @@ -49,7 +49,7 @@ } var file_data = EncryptService.decryptString(result.file_data, key); - download(file_data, ShareService.escapeHTML(file.filename), file.mimetype); + download(file_data, escapeHTMLFilter(file.filename), file.mimetype); }; diff --git a/js/app/filters/escapeHTML.js b/js/app/filters/escapeHTML.js new file mode 100644 index 00000000..88916dd7 --- /dev/null +++ b/js/app/filters/escapeHTML.js @@ -0,0 +1,38 @@ +/** + * Nextcloud - passman + * + * @copyright Copyright (c) 2016, Sander Brand (brantje@gmail.com) + * @copyright Copyright (c) 2016, Marcos Zuriaga Miguel (wolfi@wolfi.es) + * @license GNU AGPL version 3 or any later version + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as + * published by the Free Software Foundation, either version 3 of the + * License, or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see . + * + */ + +(function () { + 'use strict'; + + /** + * @ngdoc filter + * @name passmanApp.filter:escapeHTML + * @function + * @description Sanitizes a HTML string by replacing all potential dangerous characters with HTML entities + */ + angular.module('passmanApp') + .filter('escapeHTML', function () { + return function (s) { + return s.toString().split('&').join('&').split('<').join('<').split('>').join('>').split('"').join('"').split('\'').join('''); + }; + }); +}()); diff --git a/js/app/services/shareservice.js b/js/app/services/shareservice.js index c2841cf6..ff4a149c 100644 --- a/js/app/services/shareservice.js +++ b/js/app/services/shareservice.js @@ -310,15 +310,6 @@ setTimeout(workload.bind(this), 0); }); - }, - - /** - * Sanitizes a HTML string by replacing all potential dangerous characters with HTML entities - * @param {string} s String to sanitize - * @return {string} Sanitized string - */ - escapeHTML: function (s) { - return s.toString().split('&').join('&').split('<').join('<').split('>').join('>').split('"').join('"').split('\'').join('''); } }; }]); -- cgit v1.2.3