Use escapeHTML instead of encodeEntities

2024-11-29 04:24:11 +01:00 · 2013-01-15 10:28:02 +01:00 · 2013-01-15 10:28:02 +01:00 · 654139c122
commit 654139c122
parent c165224299
2 changed files with 7 additions and 15 deletions
--- a/js/bookmarks.js
+++ b/js/bookmarks.js
@ -265,7 +265,7 @@ function updateBookmarksList(bookmark, position) {
 	var taglist = '';
 	for ( var i=0, len=tags.length; i<len; ++i ){
 		if(tags[i] != '')
-			taglist = taglist + '<a class="bookmark_tag" href="#">' + encodeEntities(tags[i]) + '</a> ';
+			taglist = taglist + '<a class="bookmark_tag" href="#">' + escapeHTML(tags[i]) + '</a> ';
 	}
 	if(!hasProtocol(bookmark.url)) {
 		bookmark.url = 'http://' + bookmark.url;
@ -312,14 +312,6 @@ function recordClick(event) {
 	});
 }

-function encodeEntities(s){
-	try {
-		return $('<div/>').text(s).html();
-	} catch (ex) {
-		return "";
-	}
-}
-
 function hasProtocol(url) {
    var regexp = /(ftp|http|https|sftp)/;
    return regexp.test(url);
--- a/templates/js_tpl.php
+++ b/templates/js_tpl.php
@ -7,10 +7,10 @@
 					</span>&nbsp;
 				</p>
 				<p class="bookmark_title">
-					<a href="<%= encodeEntities(url) %>" target="_blank" class="bookmark_link">
-						<%= encodeEntities(title == '' ? url : title ) %>
+					<a href="<%= encodeURI(url) %>" target="_blank" class="bookmark_link">
+						<%= escapeHTML(title == '' ? encodeURI(url) : title ) %>
 					</a>
-                                    	<span class="bookmark_desc"><%= encodeEntities(description)%> </span>
+                                    	<span class="bookmark_desc"><%= escapeHTML(description)%> </span>
                                        <span class="bookmark_date"><%= formatDate(added_date) %></span>
 				</p>
                                <div class="bookmark_edit_btn">
@ -28,11 +28,11 @@
 					<input type="hidden" name="record_id" value="<%= id %>" />
 				<p class="bookmark_form_title">
 					<input type="text" name="title" placeholder="<?php echo $l->t('The title of the page');?>"
-						value="<%= title %>"/>
+						value="<%= escapeHTML(title) %>"/>
 				</p>
 				<p class="bookmark_form_url">
 					<input type="text" name="url" placeholder="<?php echo $l->t('The address of the page');?>"
-						value="<%= encodeEntities(url)%>"/>
+						value="<%= encodeURI(url)%>"/>
 				</p>
 				<div class="bookmark_form_tags"><ul>
 					<% for ( var i = 0; i < tags.length; i++ ) { %>
@ -41,7 +41,7 @@
 				</ul></div>
 				<p class="bookmark_form_desc">
 					<textarea name="description" placeholder="<?php echo $l->t('Description of the page');?>"
-						><%= description%></textarea>
+						><%= escapeHTML(description) %></textarea>
 				</p>
 				<p class="bookmark_form_submit"><button class="reset" ><?php echo $l->t('Cancel');?></button>
 					<input type="submit" value="<?php echo $l->t('Save');?>">