ulysia/szurubooru
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

client: escape periods in tag names

Browse source 
Merges PR #390
This commit is contained in:
Shyam Sunder 2021-04-22 13:43:21 -04:00
commit ca77149597
10 changed files with 14 additions and 13 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
client/html/post_readonly_sidebar.tpl
View file

@ -92,7 +92,7 @@
--></a><!--
--><% } %><!--
--><% if (ctx.canListPosts) { %><!--
--><a href='<%- ctx.formatClientLink('posts', {query: ctx.escapeColons(tag.names[0])}) %>' class='<%= ctx.makeCssName(tag.category, 'tag') %>'><!--
--><a href='<%- ctx.formatClientLink('posts', {query: ctx.escapeTagName(tag.names[0])}) %>' class='<%= ctx.makeCssName(tag.category, 'tag') %>'><!--
--><% } %><!--
--><%- ctx.getPrettyName(tag.names[0]) %>&#32;<!--
--><% if (ctx.canListPosts) { %><!--

2
client/html/tag_delete.tpl
View file

@ -1,6 +1,6 @@
<div class='tag-delete'>
<form>
<p>This tag has <a href='<%- ctx.formatClientLink('posts', {query: ctx.escapeColons(ctx.tag.names[0])}) %>'><%- ctx.tag.postCount %> usage(s)</a>.</p>
<p>This tag has <a href='<%- ctx.formatClientLink('posts', {query: ctx.escapeTagName(ctx.tag.names[0])}) %>'><%- ctx.tag.postCount %> usage(s)</a>.</p>
<ul class='input'>
<li>

2
client/html/tag_summary.tpl
View file

@ -36,6 +36,6 @@
<section class='description'>
<hr/>
<%= ctx.makeMarkdown(ctx.tag.description || 'This tag has no description yet.') %>
<p>This tag has <a href='<%- ctx.formatClientLink('posts', {query: ctx.escapeColons(ctx.tag.names[0])}) %>'><%- ctx.tag.postCount %> usage(s)</a>.</p>
<p>This tag has <a href='<%- ctx.formatClientLink('posts', {query: ctx.escapeTagName(ctx.tag.names[0])}) %>'><%- ctx.tag.postCount %> usage(s)</a>.</p>
</section>
</div>

2
client/js/controllers/pool_controller.js
View file

@ -52,7 +52,7 @@ class PoolController {
canMerge: api.hasPrivilege("pools:merge"),
canDelete: api.hasPrivilege("pools:delete"),
categories: categories,
escapeColons: uri.escapeColons,
escapeTagName: uri.escapeTagName,
});
this._view.addEventListener("change", (e) =>

2
client/js/controllers/pool_create_controller.js
View file

@ -26,7 +26,7 @@ class PoolCreateController {
this._view = new PoolCreateView({
canCreate: api.hasPrivilege("pools:create"),
categories: categories,
escapeColons: uri.escapeColons,
escapeTagName: uri.escapeTagName,
});
this._view.addEventListener("submit", (e) =>

2
client/js/controllers/tag_controller.js
View file

@ -56,7 +56,7 @@ class TagController {
canMerge: api.hasPrivilege("tags:merge"),
canDelete: api.hasPrivilege("tags:delete"),
categories: categories,
escapeColons: uri.escapeColons,
escapeTagName: uri.escapeTagName,
});
this._view.addEventListener("change", (e) =>

2
client/js/controls/post_readonly_sidebar_control.js
View file

@ -28,7 +28,7 @@ class PostReadonlySidebarControl extends events.EventTarget {
canListPosts: api.hasPrivilege("posts:list"),
canEditPosts: api.hasPrivilege("posts:edit"),
canViewTags: api.hasPrivilege("tags:view"),
escapeColons: uri.escapeColons,
escapeTagName: uri.escapeTagName,
extractRootDomain: uri.extractRootDomain,
getPrettyName: misc.getPrettyName,
})

5
client/js/controls/tag_input_control.js
View file

@ -163,7 +163,8 @@ class TagInputControl extends events.EventTarget {
addTagByName(name, source) {
name = name.trim();
if (!name) {
// Tags `.` and `..` are not allowed, see https://github.com/rr-/szurubooru/pull/390
if (!name || name == "." || name == "..") {
return;
}
return Tag.get(name).then(
@ -305,7 +306,7 @@ class TagInputControl extends events.EventTarget {
searchLinkNode.setAttribute(
"href",
uri.formatClientLink("posts", {
query: uri.escapeColons(tag.names[0]),
query: uri.escapeTagName(tag.names[0]),
})
);
searchLinkNode.textContent = tag.names[0] + " ";

2
client/js/util/misc.js
View file

@ -187,7 +187,7 @@ function arraysDiffer(source1, source2, orderImportant) {
}
function escapeSearchTerm(text) {
return text.replace(/([a-z_-]):/g, "$1\\:");
return text.replace(/([a-z_-]):/g, "$1\\:").replace(/\./g, "\\.");
}
function dataURItoBlob(dataURI) {

6
client/js/util/uri.js
View file

@ -85,14 +85,14 @@ function extractRootDomain(url) {
return domain;
}
function escapeColons(text) {
return text.replace(new RegExp(":", "g"), "\\:");
function escapeTagName(text) {
return text.replace(/:/g, "\\:").replace(/\./g, "\\.");
}
module.exports = {
formatClientLink: formatClientLink,
formatApiLink: formatApiLink,
escapeColons: escapeColons,
escapeTagName: escapeTagName,
escapeParam: escapeParam,
unescapeParam: unescapeParam,
extractHostname: extractHostname,