Contacts: Avoid double escape in contact list. Fix #970
parent
2874031c0f
commit
e06f8d04a7
57
js/app.js
57
js/app.js
@ -782,7 +782,7 @@ OC.Contacts = OC.Contacts || {
|
||||
var $li = self.$addressbookTmpl.octemplate({
|
||||
id: book.id,
|
||||
permissions: book.permissions,
|
||||
displayname: escapeHTML(book.displayname)
|
||||
displayname: book.displayname
|
||||
});
|
||||
|
||||
$li.find('a.action').tipsy({gravity: 'w'});
|
||||
@ -1727,55 +1727,60 @@ OC.Contacts = OC.Contacts || {
|
||||
};
|
||||
|
||||
(function( $ ) {
|
||||
// Support older browsers. From http://www.yelotofu.com/2008/08/jquery-outerhtml/
|
||||
jQuery.fn.outerHTML = function(s) {
|
||||
return s
|
||||
? this.before(s).remove()
|
||||
: jQuery('<p>').append(this.eq(0).clone()).html();
|
||||
};
|
||||
/**
|
||||
* Object Template
|
||||
* Inspired by micro templating done by e.g. underscore.js
|
||||
*/
|
||||
var Template = {
|
||||
init: function(options, elem) {
|
||||
init: function(vars, options, elem) {
|
||||
// Mix in the passed in options with the default options
|
||||
this.vars = vars;
|
||||
this.options = $.extend({},this.options,options);
|
||||
|
||||
// Save the element reference, both as a jQuery
|
||||
// reference and a normal reference
|
||||
this.elem = elem;
|
||||
this.$elem = $(elem);
|
||||
this.elem = elem;
|
||||
var self = this;
|
||||
|
||||
var _html = this._build(this.options);
|
||||
//console.log('html', this.$elem.html());
|
||||
if(typeof this.options.escapeFunction === 'function') {
|
||||
$.each(this.vars, function(key, val) {
|
||||
if(typeof val === 'string') {
|
||||
self.vars[key] = self.options.escapeFunction(val);
|
||||
}
|
||||
});
|
||||
}
|
||||
|
||||
var _html = this._build(this.vars);
|
||||
return $(_html);
|
||||
},
|
||||
// From stackoverflow.com/questions/1408289/best-way-to-do-variable-interpolation-in-javascript
|
||||
_build: function(o){
|
||||
var data = this.$elem.html();
|
||||
//this.$elem.attr('type') === 'text/template'
|
||||
//? this.$elem.html() : this.$elem.outerHTML();
|
||||
return data.replace(/{([^{}]*)}/g,
|
||||
function (a, b) {
|
||||
var r = o[b];
|
||||
return typeof r === 'string' || typeof r === 'number' ? r : a;
|
||||
}
|
||||
);
|
||||
var data = this.elem.attr('type') === 'text/template' ? this.elem.html() : this.elem.get(0).outerHTML;
|
||||
try {
|
||||
return data.replace(/{([^{}]*)}/g,
|
||||
function (a, b) {
|
||||
var r = o[b];
|
||||
return typeof r === 'string' || typeof r === 'number' ? r : a;
|
||||
}
|
||||
);
|
||||
} catch(e) {
|
||||
console.error(e, 'data:', data)
|
||||
}
|
||||
},
|
||||
options: {
|
||||
escapeFunction: function(str) {return $('<i></i>').text(str).html();}
|
||||
}
|
||||
};
|
||||
|
||||
$.fn.octemplate = function(options) {
|
||||
if ( this.length ) {
|
||||
$.fn.octemplate = function(vars, options) {
|
||||
var vars = vars ? vars : {};
|
||||
if(this.length) {
|
||||
var _template = Object.create(Template);
|
||||
return _template.init(options, this);
|
||||
return _template.init(vars, options, this);
|
||||
}
|
||||
};
|
||||
|
||||
})( jQuery );
|
||||
|
||||
|
||||
$(document).ready(function() {
|
||||
|
||||
OC.Contacts.init();
|
||||
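Review bot: The default `escapeFunction` in `Template.options` encodes `&`, `<` and `>` through `.text().html()` but leaves `"` and `'` untouched, while `_build` substitutes the result wherever a `{placeholder}` occurs in the template markup, attribute values included. With the call-site `escapeHTML()` gone here and, judging by the other changes on this page, the server-side sanitizing removed as well, this function looks like the only encoding layer left; the templates are not visible here, so whether any placeholder sits inside an attribute needs checking. I would encode quotes too: `escapeFunction: function(str) {return $('<i></i>').text(str).html().replace(/"/g, '&quot;').replace(/'/g, '&#39;');}`. Separately, `init` writes the escaped strings back into the caller's `vars` object, so an object passed to `octemplate` twice is escaped twice; escaping into a copy (`this.vars = $.extend({}, vars);`) avoids that.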
|
@ -683,10 +683,10 @@ OC.Contacts = OC.Contacts || {};
|
||||
Contact.prototype.renderListItem = function(isnew) {
|
||||
this.$listelem = this.$listTemplate.octemplate({
|
||||
id: this.id,
|
||||
name: isnew ? escapeHTML(this.getPreferredValue('FN', '')) : this.getPreferredValue('FN', ''),
|
||||
email: isnew ? escapeHTML(this.getPreferredValue('EMAIL', '')) : this.getPreferredValue('EMAIL', ''),
|
||||
tel: isnew ? escapeHTML(this.getPreferredValue('TEL', '')) : this.getPreferredValue('TEL', ''),
|
||||
adr: isnew ? escapeHTML(this.getPreferredValue('ADR', []).clean('').join(', ')) : this.getPreferredValue('ADR', []).clean('').join(', '),
|
||||
name: isnew ? this.getPreferredValue('FN', '') : this.getPreferredValue('FN', ''),
|
||||
email: isnew ? this.getPreferredValue('EMAIL', '') : this.getPreferredValue('EMAIL', ''),
|
||||
tel: isnew ? this.getPreferredValue('TEL', '') : this.getPreferredValue('TEL', ''),
|
||||
adr: isnew ? this.getPreferredValue('ADR', []).clean('').join(', ') : this.getPreferredValue('ADR', []).clean('').join(', '),
|
||||
categories: this.getPreferredValue('CATEGORIES', [])
|
||||
.clean('').join(' / ')
|
||||
});
|
||||
@ -1399,7 +1399,7 @@ OC.Contacts = OC.Contacts || {};
|
||||
$(document).bind('status.contact.updated', function(e, data) {
|
||||
if(['FN', 'EMAIL', 'TEL', 'ADR', 'CATEGORIES'].indexOf(data.property) !== -1) {
|
||||
data.contact.getListItemElement().remove();
|
||||
self.insertContact(self.contacts[parseInt(data.contact.id)].renderListItem(true));
|
||||
self.insertContact(data.contact.renderListItem(true));
|
||||
}
|
||||
});
|
||||
};
|
||||
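Review bot: Both arms of each `isnew ? … : …` expression in `renderListItem` are the same call on what appears to be the new side, so the conditionals are dead and `isnew` no longer affects `name`, `email`, `tel` or `adr` in the lines shown. Collapsing them, e.g. `name: this.getPreferredValue('FN', ''),`, makes it clear that encoding is left entirely to `octemplate`'s `escapeFunction`. A short comment such as `// values are passed raw; octemplate escapes them` would keep a later change from re-adding `escapeHTML()` and reintroducing the double escape. The function body continues past the hunk, so `isnew` may still be used further down.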
|
@ -763,7 +763,7 @@ class VCard {
|
||||
}
|
||||
$temp = array(
|
||||
//'name' => $property->name,
|
||||
'value' => \OCP\Util::sanitizeHTML($value),
|
||||
'value' => $value,
|
||||
'parameters' => array()
|
||||
);
|
||||
|
||||
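Review bot: `'value' => $value` now hands the raw vCard value to every consumer of this array, so HTML encoding has to happen at each place the value is rendered, and the `octemplate` list path is the only one on this page shown doing that. Other consumers of this structure are outside what is visible here and should be checked for unescaped output before relying on this change. I would document the contract at the assignment with `// raw, unescaped vCard value: consumers must HTML-encode on output`. The enclosing method starts and ends outside the hunk.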
|