diff --git a/js/app.js b/js/app.js
index 2abd7f5e..001f3220 100644
--- a/js/app.js
+++ b/js/app.js
@@ -782,7 +782,7 @@ OC.Contacts = OC.Contacts || {
 var $li = self.$addressbookTmpl.octemplate({
 id: book.id,
 permissions: book.permissions,
- displayname: escapeHTML(book.displayname)
+ displayname: book.displayname
 });
 $li.find('a.action').tipsy({gravity: 'w'});
@@ -1727,55 +1727,60 @@ OC.Contacts = OC.Contacts || {
 };
 (function( $ ) {
- // Support older browsers. From http://www.yelotofu.com/2008/08/jquery-outerhtml/
- jQuery.fn.outerHTML = function(s) {
- return s
- ? this.before(s).remove()
- : jQuery('

').append(this.eq(0).clone()).html();
- };
 /**
 * Object Template
 * Inspired by micro templating done by e.g. underscore.js
 */
 var Template = {
- init: function(options, elem) {
+ init: function(vars, options, elem) {
 // Mix in the passed in options with the default options
+ this.vars = vars;
 this.options = $.extend({},this.options,options);
- // Save the element reference, both as a jQuery
- // reference and a normal reference
- this.elem = elem;
- this.$elem = $(elem);
+ this.elem = elem;
+ var self = this;
- var _html = this._build(this.options);
- //console.log('html', this.$elem.html());
+ if(typeof this.options.escapeFunction === 'function') {
+ $.each(this.vars, function(key, val) {
+ if(typeof val === 'string') {
+ self.vars[key] = self.options.escapeFunction(val);
+ }
+ });
+ }
+
+ var _html = this._build(this.vars);
 return $(_html);
 },
 // From stackoverflow.com/questions/1408289/best-way-to-do-variable-interpolation-in-javascript
 _build: function(o){
- var data = this.$elem.html();
- //this.$elem.attr('type') === 'text/template'
- //? this.$elem.html() : this.$elem.outerHTML();
- return data.replace(/{([^{}]*)}/g,
- function (a, b) {
- var r = o[b];
- return typeof r === 'string' || typeof r === 'number' ? r : a;
- }
- );
+ var data = this.elem.attr('type') === 'text/template' ? this.elem.html() : this.elem.get(0).outerHTML;
+ try {
+ return data.replace(/{([^{}]*)}/g,
+ function (a, b) {
+ var r = o[b];
+ return typeof r === 'string' || typeof r === 'number' ? r : a;
+ }
+ );
+ } catch(e) {
+ console.error(e, 'data:', data)
+ }
 },
 options: {
+ escapeFunction: function(str) {return $('').text(str).html();}
 }
 };
- $.fn.octemplate = function(options) {
- if ( this.length ) {
+ $.fn.octemplate = function(vars, options) {
+ var vars = vars ?
vars : {};
+ if(this.length) {
 var _template = Object.create(Template);
- return _template.init(options, this);
+ return _template.init(vars, options, this);
 }
 };
 })( jQuery );
+
 $(document).ready(function() {
 OC.Contacts.init();
diff --git a/js/contacts.js b/js/contacts.js
index 3b5f5140..10cbdd3f 100644
--- a/js/contacts.js
+++ b/js/contacts.js
@@ -683,10 +683,10 @@ OC.Contacts = OC.Contacts || {};
 Contact.prototype.renderListItem = function(isnew) {
 this.$listelem = this.$listTemplate.octemplate({
 id: this.id,
- name: isnew ? escapeHTML(this.getPreferredValue('FN', '')) : this.getPreferredValue('FN', ''),
- email: isnew ? escapeHTML(this.getPreferredValue('EMAIL', '')) : this.getPreferredValue('EMAIL', ''),
- tel: isnew ? escapeHTML(this.getPreferredValue('TEL', '')) : this.getPreferredValue('TEL', ''),
- adr: isnew ? escapeHTML(this.getPreferredValue('ADR', []).clean('').join(', ')) : this.getPreferredValue('ADR', []).clean('').join(', '),
+ name: isnew ? this.getPreferredValue('FN', '') : this.getPreferredValue('FN', ''),
+ email: isnew ? this.getPreferredValue('EMAIL', '') : this.getPreferredValue('EMAIL', ''),
+ tel: isnew ? this.getPreferredValue('TEL', '') : this.getPreferredValue('TEL', ''),
+ adr: isnew ? this.getPreferredValue('ADR', []).clean('').join(', ') : this.getPreferredValue('ADR', []).clean('').join(', '),
 categories: this.getPreferredValue('CATEGORIES', [])
 .clean('').join(' / ')
 });
@@ -1399,7 +1399,7 @@ OC.Contacts = OC.Contacts || {};
 $(document).bind('status.contact.updated', function(e, data) {
 if(['FN', 'EMAIL', 'TEL', 'ADR', 'CATEGORIES'].indexOf(data.property) !== -1) {
 data.contact.getListItemElement().remove();
- self.insertContact(self.contacts[parseInt(data.contact.id)].renderListItem(true));
+ self.insertContact(data.contact.renderListItem(true));
 }
 });
 };
diff --git a/lib/vcard.php b/lib/vcard.php
index d07448f0..7fd4ea68 100644
--- a/lib/vcard.php
+++ b/lib/vcard.php
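Review bot: The default `escapeFunction` added under `options` is now the only HTML encoding between contact data and the DOM (the call sites in the `-782` hunk and in `js/contacts.js` drop `escapeHTML`), and the `.text(str).html()` round-trip encodes `&`, `<` and `>` but not `"` or `'`, so a `{placeholder}` that a template puts inside an attribute value is not covered. As it appears on this page the element literal is empty, `$('')`, which would make the function return `undefined` for every string; that is probably markup lost in rendering, but worth confirming against the file. I would default to the helper the call sites used before, `escapeFunction: function(str) {return escapeHTML(str);}`, provided it encodes quotes as well. `init` also writes the encoded strings back into the caller's object, so reusing that object for a second render double-encodes it; `this.vars = $.extend({}, vars);` avoids that. A short comment on `octemplate` should say that only top-level string values are encoded and that a non-function `escapeFunction` switches encoding off.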
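Review bot: With the `escapeHTML` calls removed, both arms of each `isnew ? … : …` in `renderListItem` are the same expression, so the conditional is dead and hides the fact that encoding now happens only inside `octemplate`. I would collapse each one, e.g. `name: this.getPreferredValue('FN', ''),`, and put a comment above the call such as `// values are passed raw; octemplate HTML-encodes string vars`. `isnew` is then unused in the part of the function visible here, although the `-1399` hunk still passes `true`; the body continues outside the hunk, so check the rest before dropping the parameter.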
@@ -763,7 +763,7 @@ class VCard {
 }
 $temp = array(
 //'name' => $property->name,
- 'value' => \OCP\Util::sanitizeHTML($value),
+ 'value' => $value,
 'parameters' => array()
 );
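Review bot: Dropping `\OCP\Util::sanitizeHTML` on the `'value'` line means the value now leaves the server exactly as stored in the vCard, so every consumer of this array has to encode on output, and nothing in the hunk marks that change of contract. A comment on the line, e.g. `// raw, unescaped vCard value: encode at output`, would keep a later caller from writing it into markup directly. Consumers that do not render through `octemplate` (code that assigns the value with `.html()` or builds markup by concatenation, or other clients of this response) are not visible in this diff and should be checked before the change ships. The surrounding method starts and ends outside the hunk.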