Bug 404198: Links from feed not properly escaped. r=mkmelin

Christian Schmidt 2008-09-16 00:41:55 +03:00
Родитель c173066fd9
Коммит 3cf9aa6bc0
2 изменённых файлов: 19 добавлений и 6 удалений


@ -181,6 +181,9 @@ FeedItem.prototype =
{
this.mUnicodeConverter.charset = this.characterSet;
// this.title and this.content contain HTML
// this.mUrl and this.contentBase contain plain text
if (this.isStored())
debug(this.identity + " already stored; ignoring");
else if (this.content)
@ -190,8 +193,8 @@ FeedItem.prototype =
content = content.replace(/%CONTENT_TEMPLATE%/, LOCAL_CONTENT_TEMPLATE);
content = content.replace(/%STYLE%/, LOCAL_STYLE);
content = content.replace(/%TITLE%/, this.title);
content = content.replace(/%BASE%/, this.contentBase);
content = content.replace(/%URL%/g, this.mURL);
content = content.replace(/%BASE%/, htmlEscape(this.contentBase));
content = content.replace(/%URL%/g, htmlEscape(this.mURL));
content = content.replace(/%CONTENT%/, this.content);
this.content = content; // XXX store it elsewhere, f.e. this.page
this.writeToFolder();
@ -205,9 +208,9 @@ FeedItem.prototype =
var content = MESSAGE_TEMPLATE;
content = content.replace(/%CONTENT_TEMPLATE%/, LOCAL_CONTENT_TEMPLATE);
content = content.replace(/%STYLE%/, LOCAL_STYLE);
content = content.replace(/%BASE%/, this.contentBase);
content = content.replace(/%BASE%/, htmlEscape(this.contentBase));
content = content.replace(/%TITLE%/, this.title);
content = content.replace(/%URL%/g, this.mURL);
content = content.replace(/%URL%/g, htmlEscape(this.mURL));
content = content.replace(/%CONTENT%/, this.content);
this.content = content; // XXX store it elsewhere, f.e. this.page
this.writeToFolder();
@ -220,8 +223,8 @@ FeedItem.prototype =
content = content.replace(/%CONTENT_TEMPLATE%/, REMOTE_CONTENT_TEMPLATE);
content = content.replace(/%STYLE%/, REMOTE_STYLE);
content = content.replace(/%TITLE%/, this.title);
content = content.replace(/%BASE%/, this.contentBase);
content = content.replace(/%URL%/g, this.mURL);
content = content.replace(/%BASE%/, htmlEscape(this.contentBase));
content = content.replace(/%URL%/g, htmlEscape(this.mURL));
content = content.replace(/%DESCRIPTION%/, this.description || this.title);
this.content = content; // XXX store it elsewhere, f.e. this.page
this.writeToFolder();
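Review bot: In all three hunks the escaped value is still handed to `replace()` as a replacement string, so `$` sequences in a feed-supplied URL or base (`$&` and the before/after-match forms) are expanded after `htmlEscape` has run and can copy surrounding template text, quotes and markup included, into the slot being filled. Passing a function avoids that expansion: `var url = htmlEscape(this.mURL);` followed by `content = content.replace(/%URL%/g, function() { return url; });`, and likewise for `%BASE%`. The same applies to the `this.title`, `this.content` and `this.description` substitutions, which the new comment says carry feed HTML and which are inserted as-is, so it would help to extend that comment to say where that HTML is sanitised. The comment also names `this.mUrl` while the code reads `this.mURL`. The enclosing method starts and ends outside these hunks, so the templates themselves are not visible here.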


@ -341,3 +341,13 @@ function W3CToIETFDate(dateString) {
var date = ISO8601DateUtils.parse(dateString);
return date.toUTCString();
}
function htmlEscape(s)
{
s = s.replace(/&/g, "&");
s = s.replace(/>/g, ">");
s = s.replace(/</g, "&lt;");
s = s.replace(/'/g, "&#39;");
s = s.replace(/"/g, "&quot;");
return s;
}
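Review bot: As rendered on this page, the first two replacements in `htmlEscape` map `&` and `>` to themselves, which would leave ampersands and closing angle brackets unescaped. This may be an artifact of how the page displays entities, but it is worth confirming that the file reads `s = s.replace(/&/g, "&amp;");` and `s = s.replace(/>/g, "&gt;");`, with the ampersand step kept first so later entities are not double-escaped. The function also calls `s.replace` unconditionally, so a feed item with no URL or base would now throw where the old code only inserted a placeholder string; a guard such as `if (s == null) return "";` at the top would keep that path working. A one-line comment stating that the output is intended for both element text and quoted attribute values would document why both quote characters are escaped.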