github-mirror/discourse
2
0
Fork 0
mirror of https://github.com/discourse/discourse.git synced 2025-06-04 08:44:48 +08:00
Code Issues Actions 1 Packages Projects Releases Wiki Activity

FIX: prevent self-xss in poll attributes

Browse Source
This commit is contained in:
Régis Hanol
2015-05-11 20:09:17 +02:00
parent d337da532a
commit 3a9907f392
3 changed files with 14 additions and 12 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
plugins/poll/assets/javascripts/poll_dialect.js
View File

@ -8,7 +8,7 @@
const WHITELISTED_ATTRIBUTES = ["type", "name", "min", "max", "step", "order", "color", "background", "status"];
const WHITELISTED_STYLES = ["color", "background"];
const ATTRIBUTES_REGEX = new RegExp("(" + WHITELISTED_ATTRIBUTES.join("|") + ")=['\"]?[^\\s\\]]+['\"]?", "g");
const ATTRIBUTES_REGEX = new RegExp("(" + WHITELISTED_ATTRIBUTES.join("|") + ")=['\"]?[^\\s\\]=]+['\"]?", "g");
Discourse.Dialect.replaceBlock({
start: /\[poll([^\]]*)\]([\s\S]*)/igm,
@ -45,7 +45,7 @@
// extract poll attributes
(matches[1].match(ATTRIBUTES_REGEX) || []).forEach(function(m) {
var attr = m.split("="), name = attr[0], value = attr[1];
value = value.replace(/["']/g, "");
value = Handlebars.Utils.escapeExpression(value.replace(/["']/g, ""));
attributes[DATA_PREFIX + name] = value;
});
@ -98,12 +98,6 @@
contents[0][o].splice(1, 0, attr);
}
// // add some information when type is "multiple"
// if (attributes[DATA_PREFIX + "type"] === "multiple") {
// }
var result = ["div", attributes],
poll = ["div"];