moparisthebest/mail
1
0
Fork 0
mirror of https://github.com/moparisthebest/mail synced 2024-11-26 19:02:20 -05:00
Code Issues Releases Wiki Activity

cleanup text input to content editable to prevent markup injection

Browse Source
This commit is contained in:
Tankred Hase 2013-11-06 08:36:22 +01:00
parent 4e6f9b9bbf
commit 563a16d632
1 changed files with 9 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
src/js/controller/write.js
View File

@ -39,7 +39,7 @@ define(function(require) {
}
function fillFields(re) {
var from, body, bodyRows;
var from, body;
if (!re) {
return;
@ -53,13 +53,14 @@ define(function(require) {
// fill text body
from = re.from[0].name || re.from[0].address;
body = '<br><br>' + $filter('date')(re.sentDate, 'EEEE, MMM d, yyyy h:mm a') + ' ' + from + ' wrote:';
bodyRows = re.body.split('\n');
bodyRows.forEach(function(row) {
body += (!re.html) ? '<br>' + row : '';
});
body = '<br><br>' + $filter('date')(re.sentDate, 'EEEE, MMM d, yyyy h:mm a') + ' ' + from + ' wrote:<br>';
// clean text from markup if to prevent injection in contenteditable
if (!re.html) {
body += $('<p>' + re.body + '</p>').text().split('\n').join('<br>');
$scope.body = body;
}
}
//
// Editing headers
@ -168,9 +169,8 @@ define(function(require) {
var regex = /(\r\n|\n|\r)/gm;
var text = body.replace(regex, '').split('<div><br>').join('\n').split('<div>').join('\n').split('<br>').join('\n');
var html = '<p>' + text + '</p>';
return $(html).text();
return $('<p>' + text + '</p>').text();
}
//