authorJon Newson <jon_newson@ieee.org>2016-03-15 18:07:42 +1100
committerJon Newson <jon_newson@ieee.org>2016-03-15 18:07:42 +1100
commita455353a811d4cf3a9c327750e9d0fb4c7ee229a (patch)
tree0c42f4a153df882d49b0448209ab0a1937e13685 /web-ui/app/js/helpers/sanitizer.js
parent0ffeb6b70df00a54a2509179c32104bc7f883196 (diff)
parentcf32471caf75b817b23339166002987726d3d6d8 (diff)
Merge branch 'master' of https://github.com/pixelated/pixelated-user-agent
# By Felix Hammerl (13) and Thais Siqueira (3) # Via Christoph (1) and Thais Siqueira (1) * 'master' of https://github.com/pixelated/pixelated-user-agent: Sets SSL certifications to false. Fixes pep8 errors and update requests to 2.9.1. Update locust test to run after xsrf token implementation. Issue #620: Adapt unit tests to CSS changes Issue #620: Refactor palceholder Issue #620: Remove former main css file Issue #620: Spike growl CSS modularization Issue #617: Highlight search terms by altering mail content Issue #617: Allow only >=3 alphanumeric characters in search field Issue #617: Restrict searching to alphanumeric characters Issue #617: Remove highlighting for sandboxed content Issue #617: Add sandbox to build scripts Issue #617: Add sandbox to user-agent Issue #617: Create sandbox resouces Issue #617: Add iframe-resizer Issue #617: Serve content from Sandbox resource
Diffstat (limited to 'web-ui/app/js/helpers/sanitizer.js')
-rw-r--r--web-ui/app/js/helpers/sanitizer.js32
1 files changed, 25 insertions, 7 deletions
diff --git a/web-ui/app/js/helpers/sanitizer.js b/web-ui/app/js/helpers/sanitizer.js
index eea1f0f7..443e8602 100644
--- a/web-ui/app/js/helpers/sanitizer.js
+++ b/web-ui/app/js/helpers/sanitizer.js
@@ -23,6 +23,16 @@ define(['DOMPurify', 'he'], function (DOMPurify, he) {
*/
var sanitizer = {};
+ sanitizer.whitelist = [{
+ // highlight tag open
+ pre: '&#x3C;&#x65;&#x6D;&#x20;&#x63;&#x6C;&#x61;&#x73;&#x73;&#x3D;&#x22;&#x73;&#x65;&#x61;&#x72;&#x63;&#x68;&#x2D;&#x68;&#x69;&#x67;&#x68;&#x6C;&#x69;&#x67;&#x68;&#x74;&#x22;&#x3E;',
+ post: '<em class="search-highlight">'
+ }, {
+ // highlight tag close
+ pre: '&#x3C;&#x2F;&#x65;&#x6D;&#x3E;',
+ post: '</em>'
+ }];
+
/**
* Adds html line breaks to a plaintext with line breaks (incl carriage return)
*
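Review bot: The two `pre` strings in `sanitizer.whitelist` are hand-written hex entities that have to match, byte for byte, what `he.encode` emits with `encodeEverything: true`, and nothing on these lines says so. If the encoder's output format ever differs, the replacement in `purifyText` would stop matching without any error and the highlight tags would show up as literal text. Deriving the value keeps the two in step, e.g. `pre: he.encode('<em class="search-highlight">', { encodeEverything: true })`, or at minimum add a comment such as `// must equal he.encode(post, { encodeEverything: true })`. The enclosing `define()` callback starts and ends outside this hunk.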
@@ -55,16 +65,24 @@ define(['DOMPurify', 'he'], function (DOMPurify, he) {
};
/**
- * Runs a given dirty body through he, thereby encoding everything
- * as HTML entities.
- *
- * @param {string} dirtyBody The unsanitized string
- * @return {string} Safe-to-display HTML string
- */
+ * Runs a given dirty body through he, thereby encoding everything
+ * as HTML entities.
+ *
+ * @param {string} dirtyBody The unsanitized string
+ * @return {string} Safe-to-display HTML string
+ */
sanitizer.purifyText = function (dirtyBody) {
- return he.encode(dirtyBody, {
+ var escapedBody = he.encode(dirtyBody, {
encodeEverything: true
});
+
+ this.whitelist.forEach(function(entry) {
+ while (escapedBody.indexOf(entry.pre) > -1) {
+ escapedBody = escapedBody.replace(entry.pre, entry.post);
+ }
+ });
+
+ return escapedBody;
};
/**
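Review bot: The replacement loop in `purifyText` cannot tell highlight markers inserted by the search feature from the same characters written by a mail's sender, so any plain-text body containing `<em class="search-highlight">` is turned back into a live element. Because the tag and class are fixed this looks limited to forged highlighting and unbalanced `<em>` elements rather than script injection, but the doc comment's "encoding everything" claim no longer holds and should name the markup that is restored. Consider applying the highlight after encoding, or restoring only matched open/close pairs. Separately, `this.whitelist.forEach` fails if `purifyText` is ever called detached from the object; `sanitizer.whitelist.forEach(function (entry) {` avoids that dependency on `this`.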