
Encode HTML entities in user input

Yevhen Pavliuk 8 år sedan
förälder
incheckning
4774dfe593
1 ändrade filer med 4 tillägg och 4 borttagningar
  1. 4
    4
      src/editor.html

+ 4
- 4
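--- a/src/editor.html
+++ b/src/editor.html
@@ -1235,7 +1235,7 @@
 				zss_editor.restorerange();
 				var sel = document.getSelection();
 				sel.deleteFromDocument();
-				document.execCommand("insertHTML",false,"<a href='"+url+"'>"+title+"</a>");
+				document.execCommand('insertHTML',false,'<a href="'+encodeHtmlEntities(url)+'">'+encodeHtmlEntities(title)+'</a>');
 
 				zss_editor.enabledEditingItems();
 			}
@@ -1317,7 +1317,7 @@
 					}
 				}
 
-				var html_code = '<a href="' + link_url + '">' + sel + '</a>';
+				var html_code = '<a href="' + encodeHtmlEntities(link_url) + '">' + encodeHtmlEntities(sel) + '</a>';
 				zss_editor.insertHTML(html_code);
 
 			}
@@ -1328,14 +1328,14 @@
 
 			zss_editor.insertImage = function(url, alt) {
 				zss_editor.restorerange();
-				var html = '<img src="'+url+'" alt="'+alt+'" /><br>';
+				var html = '<img src="'+encodeHtmlEntities(url)+'" alt="'+encodeHtmlEntities(alt)+'" /><br>';
 				zss_editor.insertHTML(html);
 				zss_editor.enabledEditingItems();
 			}
 
 			zss_editor.insertImageBase64String = function(imageBase64String, alt) {
 				zss_editor.restorerange();
-				var html = '<img src="data:image/jpeg;base64,'+imageBase64String+'" alt="'+alt+'" />';
+				var html = '<img src="data:image/jpeg;base64,'+encodeHtmlEntities(imageBase64String)+'" alt="'+encodeHtmlEntities(alt)+'" />';
 				zss_editor.insertHTML(html);
 				zss_editor.enabledEditingItems();
 			}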
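Review bot: Entity-encoding `url` at 1238, `link_url` at 1320 and `url` at 1331 prevents the value from breaking out of the quoted attribute, but it does not restrict the URL scheme, so a `javascript:` href still reaches `execCommand`/`insertHTML` as a working link; the new lines should be guarded by a scheme check before the markup is built, e.g. `if (!/^(https?:|mailto:)/i.test(url)) return;` (adjusted to whatever schemes the editor is meant to accept). `encodeHtmlEntities` is not introduced by this 4-line commit, so it presumably already lives in editor.html; it is worth confirming that it encodes `"` and `&` at least, because 1238 now wraps the attribute in double quotes where the removed line used single quotes, and an encoder that only handles `<`/`>` would leave the break-out open. A short comment above 1238 stating that contract, `// encodeHtmlEntities must escape quotes: values are placed inside double-quoted attributes`, would help the next maintainer. The functions enclosing 1238 and 1320 both begin outside their hunks.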