authorBruno Wagner and Fabio Pio <bwagner+fpio@thoughtworks.com>2015-01-16 19:30:02 -0200
committerPixpoa pairing <pixpoapairing@pixelated-project.org>2015-01-16 19:30:02 -0200
commit9b878c19d87c1c77e32f87bc1dde5c96102aee61 (patch)
tree0ce31d4c04f0adbc44e0ca657d9cb46775e73f85 /web-ui
parent636862357da282171c78a712b4a398b725f8ae94 (diff)
Issue #233 plain text body now escapes html tags
Diffstat (limited to 'web-ui')
-rw-r--r--web-ui/app/js/helpers/view_helper.js25
-rw-r--r--web-ui/test/spec/helpers/view_helper.spec.js18
2 files changed, 38 insertions, 5 deletions
diff --git a/web-ui/app/js/helpers/view_helper.js b/web-ui/app/js/helpers/view_helper.js
index 01ab45ed..bb909cea 100644
--- a/web-ui/app/js/helpers/view_helper.js
+++ b/web-ui/app/js/helpers/view_helper.js
@@ -35,10 +35,33 @@ define(
return textPlainBody.replace(/^(.*?)$/mg, '<p>$1</p>');
}
+ function escapeHtmlTags (body) {
+
+ var escapeIndex = {
+ "&": "&amp;",
+ "<": "&lt;",
+ ">": "&gt;",
+ '"': '&quot;',
+ "'":'&#39;',
+ "/": '&#x2f;'
+
+ };
+
+ return body.replace(/["'<>\/&]/g, function(char){
+ return escapeIndex[char];
+ } )
+
+ }
+
+ function escapeHtmlAndAddParagraphs (body) {
+ var escapedBody = escapeHtmlTags(body);
+ return addParagraphsToPlainText(escapedBody);
+ }
+
function formatMailBody (mail) {
var body = mail.htmlBodyPart ?
htmlWhitelister.sanitize(mail.htmlBody, htmlWhitelister.tagPolicy) :
- addParagraphsToPlainText(mail.textPlainBody);
+ escapeHtmlAndAddParagraphs(mail.textPlainBody);
return $(body);
}
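Review bot: The escaping in `escapeHtmlTags` protects the plain-text path only because `escapeHtmlAndAddParagraphs` runs it before `addParagraphsToPlainText`, and nothing in the code records that ordering or the output context the escape is meant for. I would add a comment above `escapeHtmlAndAddParagraphs` such as `// Escape first: addParagraphsToPlainText inserts <p> markup and must only ever see already-escaped text.`, and one above `escapeHtmlTags` saying its result is meant for HTML element content, since `formatMailBody` then parses it with `$(body)`. `addParagraphsToPlainText` begins outside this hunk, so whether it has other callers that still pass raw text cannot be seen here and is worth checking. The `return body.replace(...)` statement also closes with `} )` and no semicolon.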
diff --git a/web-ui/test/spec/helpers/view_helper.spec.js b/web-ui/test/spec/helpers/view_helper.spec.js
index 806739b9..51ede430 100644
--- a/web-ui/test/spec/helpers/view_helper.spec.js
+++ b/web-ui/test/spec/helpers/view_helper.spec.js
@@ -53,10 +53,20 @@ define(['helpers/view_helper'], function (viewHelper) {
});
});
- it('formats the body of a plain text email', function () {
- var formatedMail = $('<div></div>');
- formatedMail.html(viewHelper.formatMailBody(testData.parsedMail.simpleTextPlain));
- expect(formatedMail).toContainHtml('<p>Hello Everyone</p>');
+ it('each line of plain text mail gets a new paragraph', function () {
+ var formattedMail = $('<div></div>');
+ formattedMail.html(viewHelper.formatMailBody(testData.parsedMail.simpleTextPlain));
+ expect(formattedMail).toContainHtml('<p>Hello Everyone</p>');
+ });
+
+
+ it('escape html in plain text body', function () {
+ var formattedMail = $('<div></div>');
+ var mail = testData.parsedMail.simpleTextPlain;
+ mail.textPlainBody = '<font color="red">This is some text!</font>'
+ formattedMail.html(viewHelper.formatMailBody(mail));
+ expect(formattedMail.text()).toBe('<font color="red">This is some text!</font>')
+
});
it('move caret to the end of text after 1ms', function () {
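Review bot: The new 'escape html in plain text body' spec assigns `mail.textPlainBody` on `testData.parsedMail.simpleTextPlain` itself, so if that fixture object is shared between specs (its setup is outside this hunk) the altered body leaks into later tests. Building a copy avoids that, e.g. `var mail = $.extend({}, testData.parsedMail.simpleTextPlain, { textPlainBody: '<font color="red">This is some text!</font>' });`. The `.text()` comparison does show the markup stayed text, but `expect(formattedMail.find('font').length).toBe(0);` would state the security intent directly. The `mail.textPlainBody = ...` assignment and the final `expect(...)` line are both missing their semicolons.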