From 1478b611da46c3b008856cf8bf44b5eb42f5e5e8 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Lorenz=20H=C3=BCbschle-Schneider?= Date: Tue, 30 Dec 2014 18:22:20 +0100 Subject: [PATCH 1/2] Properly escape HTML entities in irclinky filter Fixes #525 --- js/filters.js | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/js/filters.js b/js/filters.js index 68f01be..886dc6b 100644 --- a/js/filters.js +++ b/js/filters.js @@ -30,6 +30,13 @@ weechat.filter('irclinky', ['$filter', function($filter) { return text; } + // First, escape entities to prevent escaping issues because it's a bad idea + // to parse/modify HTML with regexes, which we do a couple of lines down... + var entities = {"<": "<", ">": ">", '"': '"', "'": ''', "&": "&", "/": '/'}; + text = text.replace(/[<>"'&\/]/g, function (char) { + return entities[char]; + }); + // This regex in no way matches all IRC channel names (they could also begin with &, + or an // exclamation mark followed by 5 alphanumeric characters, and are bounded in length by 50). // However, it matches all *common* IRC channels while trying to minimise false positives. From 8a740b765aef6a4f8cc5aa261669331d9617bd30 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Lorenz=20H=C3=BCbschle-Schneider?= Date: Tue, 30 Dec 2014 20:23:32 +0100 Subject: [PATCH 2/2] Fix DOMfilter when replacing multiple occasions Previously, it would sometimes forget things at the end --- js/filters.js | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/js/filters.js b/js/filters.js index 886dc6b..4f0d6d9 100644 --- a/js/filters.js +++ b/js/filters.js @@ -94,13 +94,15 @@ weechat.filter('DOMfilter', ['$filter', '$sce', function($filter, $sce) { } else { parent.appendChild(newNode); } + return newNode; } } // recurse + if (node === undefined || node === null) return; node = node.firstChild; while (node) { - process(node); - node = node.nextSibling; + var nextNode = process(node); + node = (nextNode ? nextNode : node).nextSibling; } };