From cbd36260dc64642cb50e39b44b925a0b3187c220 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E6=96=9F=E9=85=8C=20=E9=B5=AC=E5=85=84?= Date: Wed, 9 Mar 2016 23:42:55 +0800 Subject: [PATCH] Escape strings --- .../Visualizer/Snippet/ArticleLink.js | 7 ++++--- .../Blog/AstroEdit/Visualizer/Snippet/Code.js | 9 +++++---- .../AstroEdit/Visualizer/Snippet/Footnote.js | 7 ++++--- .../AstroEdit/Visualizer/Snippet/Heading.js | 5 +++-- .../Blog/AstroEdit/Visualizer/Snippet/Html.js | 7 ++++--- .../AstroEdit/Visualizer/Snippet/Image.js | 13 ++++++------ .../Blog/AstroEdit/Visualizer/Snippet/Link.js | 17 +++++++++------- .../AstroEdit/Visualizer/Snippet/Spoiler.js | 12 ++++++----- .../AstroEdit/Visualizer/Snippet/_this.js | 20 +++++++++++++++++-- ...Astro.Blog.AstroEdit.Visualizer.Snippet.js | 2 ++ 10 files changed, 64 insertions(+), 35 deletions(-) diff --git a/botanjs/src/Astro/Blog/AstroEdit/Visualizer/Snippet/ArticleLink.js b/botanjs/src/Astro/Blog/AstroEdit/Visualizer/Snippet/ArticleLink.js index 5d1398a..d4ff1b7 100644 --- a/botanjs/src/Astro/Blog/AstroEdit/Visualizer/Snippet/ArticleLink.js +++ b/botanjs/src/Astro/Blog/AstroEdit/Visualizer/Snippet/ArticleLink.js @@ -20,6 +20,7 @@ var XDate = __import( "Astro.utils.Date" ); var escapeStr = ns[ NS_INVOKE ]( "escapeStr" ); + var unescapeStr = ns[ NS_INVOKE ]( "unescapeStr" ); var compileProp = ns[ NS_INVOKE ]( "compileProp" ); var postData = __import( "System.Net.postData" ); @@ -72,8 +73,8 @@ if( override ) { - id = override.value; - title = override.title || ""; + id = unescapeStr( override.value ); + title = unescapeStr( override.title ) || ""; } else { @@ -160,7 +161,7 @@ if( opt = stage.getDAttribute( "title" ) ) { - options += " title=\"" + opt + "\""; + options += " title=\"" + escapeStr( opt ) + "\""; } return "[articlelink" + options + "]" diff --git a/botanjs/src/Astro/Blog/AstroEdit/Visualizer/Snippet/Code.js b/botanjs/src/Astro/Blog/AstroEdit/Visualizer/Snippet/Code.js index 71dc3b5..318e9b0 100644 
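Review bot: In the ArticleLink.js compile hunk (`@@ -160,7 +161,7 @@`), the `title` attribute is still assembled by hand with its own `escapeStr` call, although `compileProp` emits the same ` key="value"` form; it is already imported in this file, and this patch changes it in `_this.js` to escape its values. Replacing the `if` block with `options += compileProp( stage, [ "title" ] );` would keep attribute quoting and escaping in one place, assuming `stage` is the wrapped element that `getDAttribute` is called on in the visible line. The same applies to the Link.js compile hunk (`@@ -117,12 +120,12 @@`), where `href` is escaped and quoted inline and `compileProp` is not imported. The rest of the enclosing compile function, including how the earlier part of `options` is built, lies outside the hunk, so it is worth checking that those values are escaped too.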
--- a/botanjs/src/Astro/Blog/AstroEdit/Visualizer/Snippet/Code.js +++ b/botanjs/src/Astro/Blog/AstroEdit/Visualizer/Snippet/Code.js @@ -14,6 +14,7 @@ var MessageBox = __import( "Components.MessageBox" ); var escapeStr = ns[ NS_INVOKE ]( "escapeStr" ); + var unescapeStr = ns[ NS_INVOKE ]( "unescapeStr" ); var compileProp = ns[ NS_INVOKE ]( "compileProp" ); var code = function ( insertSnippet, snippetWrap, createContext, override ) @@ -99,15 +100,15 @@ ).show(); } - , visualizer = function ( submitted, override ) + , visualizer = function( submitted, override ) { var lang, code, inline , stage = this.stage; - if ( override ) + if( override ) { - lang = override.lang; - code = override.value; + lang = unescapeStr( override.lang ); + code = unescapeStr( override.value ); inline = override.inline; } else diff --git a/botanjs/src/Astro/Blog/AstroEdit/Visualizer/Snippet/Footnote.js b/botanjs/src/Astro/Blog/AstroEdit/Visualizer/Snippet/Footnote.js index bc9c075..a9efc0c 100644 --- a/botanjs/src/Astro/Blog/AstroEdit/Visualizer/Snippet/Footnote.js +++ b/botanjs/src/Astro/Blog/AstroEdit/Visualizer/Snippet/Footnote.js @@ -13,9 +13,10 @@ /** @type {Components.MessageBox} */ var MessageBox = __import( "Components.MessageBox" ); + var unescapeStr = ns[ NS_INVOKE ]( "unescapeStr" ); var escapeStr = ns[ NS_INVOKE ]( "escapeStr" ); - var footnote = function (insertSnippet, snippetWrap, createContext, override) + var footnote = function( insertSnippet, snippetWrap, createContext, override ) { var temp, i, j @@ -38,12 +39,12 @@ ).show(); } - , visualizer = function (submitted, override) + , visualizer = function( submitted, override ) { var mText, stage = this.stage; - mText = override ? override.value : this.mText.value; + mText = override ? unescapeStr( override.value ) : this.mText.value; if (submitted && mText) { diff --git a/botanjs/src/Astro/Blog/AstroEdit/Visualizer/Snippet/Heading.js b/botanjs/src/Astro/Blog/AstroEdit/Visualizer/Snippet/Heading.js index 412ea79..e7dc56a 100644 
--- a/botanjs/src/Astro/Blog/AstroEdit/Visualizer/Snippet/Heading.js +++ b/botanjs/src/Astro/Blog/AstroEdit/Visualizer/Snippet/Heading.js @@ -13,6 +13,7 @@ /** @type {Components.MessageBox} */ var MessageBox = __import( "Components.MessageBox" ); + var unescapeStr = ns[ NS_INVOKE ]( "unescapeStr" ); var escapeStr = ns[ NS_INVOKE ]( "escapeStr" ); var compileProp = ns[ NS_INVOKE ]( "compileProp" ); @@ -94,8 +95,8 @@ if ( override ) { - size = override.size; - heading = override.value; + size = unescapeStr( override.size ); + heading = unescapeStr( override.value ); } else { diff --git a/botanjs/src/Astro/Blog/AstroEdit/Visualizer/Snippet/Html.js b/botanjs/src/Astro/Blog/AstroEdit/Visualizer/Snippet/Html.js index f7b1fbd..ad01f10 100644 --- a/botanjs/src/Astro/Blog/AstroEdit/Visualizer/Snippet/Html.js +++ b/botanjs/src/Astro/Blog/AstroEdit/Visualizer/Snippet/Html.js @@ -14,8 +14,9 @@ var MessageBox = __import( "Components.MessageBox" ); var escapeStr = ns[ NS_INVOKE ]( "escapeStr" ); + var unescapeStr = ns[ NS_INVOKE ]( "unescapeStr" ); - var html = function (insertSnippet, snippetWrap, createContext, override) + var html = function( insertSnippet, snippetWrap, createContext, override ) { var temp, i, j @@ -38,12 +39,12 @@ ).show(); } - , visualizer = function (submitted, override) + , visualizer = function( submitted, override ) { var code, stage = this.stage; - code = override ? override.value : this.code.value; + code = override ? unescapeStr( override.value ) : this.code.value; if (submitted && code) { diff --git a/botanjs/src/Astro/Blog/AstroEdit/Visualizer/Snippet/Image.js b/botanjs/src/Astro/Blog/AstroEdit/Visualizer/Snippet/Image.js index 4bb0284..8e3a5cc 100644 --- a/botanjs/src/Astro/Blog/AstroEdit/Visualizer/Snippet/Image.js +++ b/botanjs/src/Astro/Blog/AstroEdit/Visualizer/Snippet/Image.js 
@@ -13,6 +13,8 @@ /** @type {Components.MessageBox} */ var MessageBox = __import( "Components.MessageBox" ); + var escapeStr = ns[ NS_INVOKE ]( "escapeStr" ); + var unescapeStr = ns[ NS_INVOKE ]( "unescapeStr" ); var compileProp = ns[ NS_INVOKE ]( "compileProp" ); var image = function( insertSnippet, snippetWrap, createContext, override ) @@ -61,8 +63,8 @@ if ( override ) { - src = override.value; - href = override.href; + src = unescapeStr( override.value ); + href = unescapeStr( override.href ); preferred = override.preferred ? "on" : ""; } else @@ -155,10 +157,9 @@ var element = IDOMElement( stage ) , props = [ "href", "preferred" ] - return "[img" - + compileProp( element, props ) - + "]" - + element.getDAttribute( "value" ) + "[/img]" + return "[img" + compileProp( element, props ) + "]" + + escapeStr( element.getDAttribute( "value" ) ) + + "[/img]" ; }; diff --git a/botanjs/src/Astro/Blog/AstroEdit/Visualizer/Snippet/Link.js b/botanjs/src/Astro/Blog/AstroEdit/Visualizer/Snippet/Link.js index 0d776b9..70c0512 100644 --- a/botanjs/src/Astro/Blog/AstroEdit/Visualizer/Snippet/Link.js +++ b/botanjs/src/Astro/Blog/AstroEdit/Visualizer/Snippet/Link.js @@ -12,7 +12,10 @@ var Dand = __import( "Dandelion" ); /** @type {Components.MessageBox} */ var MessageBox = __import( "Components.MessageBox" ); - + + var escapeStr = ns[ NS_INVOKE ]( "escapeStr" ); + var unescapeStr = ns[ NS_INVOKE ]( "unescapeStr" ); + var link = function(insertSnippet, snippetWrap, createContext, override) { var temp, i, j @@ -46,10 +49,10 @@ var src, href , stage = this.stage; - if (override) + if( override ) { - src = override.value; - href = override.href; + src = unescapeStr( override.value ); + href = unescapeStr( override.href ); } else { 
@@ -117,12 +120,12 @@ { // [link href=\"" + this.href.value + "\"]" + text + "[/link] var element = IDOMElement(stage) - , href = element.getDAttribute("href"); + , href = escapeStr( element.getDAttribute("href") ) + , val = escapeStr( element.getDAttribute("value") ) ; - return "[link" + (href ? (" href=\"" + href + "\"") : "") + "]" + element.getDAttribute("value") + "[/link]"; + return "[link" + (href ? (" href=\"" + href + "\"") : "") + "]" + val + "[/link]"; }; - __static_method( link, "compile", compile ); ns[ NS_EXPORT ]( EX_CLASS, "Link", link ); diff --git a/botanjs/src/Astro/Blog/AstroEdit/Visualizer/Snippet/Spoiler.js b/botanjs/src/Astro/Blog/AstroEdit/Visualizer/Snippet/Spoiler.js index 061974c..9daff8e 100644 --- a/botanjs/src/Astro/Blog/AstroEdit/Visualizer/Snippet/Spoiler.js +++ b/botanjs/src/Astro/Blog/AstroEdit/Visualizer/Snippet/Spoiler.js @@ -14,6 +14,8 @@ var MessageBox = __import( "Components.MessageBox" ); var compileProp = ns[ NS_INVOKE ]( "compileProp" ); + var escapeStr = ns[ NS_INVOKE ]( "escapeStr" ); + var unescapeStr = ns[ NS_INVOKE ]( "unescapeStr" ); var spoiler = function(insertSnippet, snippetWrap, createContext, override) { @@ -48,15 +50,15 @@ , "OK", "Cancel", visualizer.bind({title: input_title, content:v_snippetInput, expanded: input_expanded, stage: this._stage})).show(); } - , visualizer = function (submitted, override) + , visualizer = function( submitted, override ) { var content, title, expanded , stage = this.stage; - if (override) + if( override ) { - content = override.value; - title = override.title; + content = unescapeStr( override.value ); + title = unescapeStr( override.title ); expanded = override.expanded ? "on" : ""; } else @@ -142,7 +144,7 @@ return "[spoiler" + compileProp( element, props ) + "]" - + element.getDAttribute( "value" ) + + escapeStr( element.getDAttribute( "value" ) ) + "[/spoiler]"; }; 
diff --git a/botanjs/src/Astro/Blog/AstroEdit/Visualizer/Snippet/_this.js b/botanjs/src/Astro/Blog/AstroEdit/Visualizer/Snippet/_this.js index 744b20b..20355b2 100644 --- a/botanjs/src/Astro/Blog/AstroEdit/Visualizer/Snippet/_this.js +++ b/botanjs/src/Astro/Blog/AstroEdit/Visualizer/Snippet/_this.js @@ -4,7 +4,22 @@ var escapeStr = function ( str ) { - return str.replace( /\[/g, "[" ).replace( /\]/g, "]" ); + if( !str ) return str; + return str + .replace( /\[/g, "[" ) + .replace( /\]/g, "]" ) + .replace( /"/g, """ ) + ; + }; + + var unescapeStr = function( str ) + { + if( !str ) return str; + return str + .replace( /[/g, "[" ) + .replace( /]/g, "]" ) + .replace( /"/g, "\"" ) + ; }; var compileProp = function ( _iDOM, keys ) @@ -14,12 +29,13 @@ { if( ( k = _iDOM.getDAttribute(keys[i]) ) ) { - j += " " + keys[i] + "=\"" + k + "\""; + j += " " + keys[i] + "=\"" + escapeStr( k ) + "\""; } } return j; }; ns[ NS_EXPORT ]( EX_FUNC, "escapeStr", escapeStr ); + ns[ NS_EXPORT ]( EX_FUNC, "unescapeStr", unescapeStr ); ns[ NS_EXPORT ]( EX_FUNC, "compileProp", compileProp ); })(); diff --git a/botanjs/src/externs/Astro.Blog.AstroEdit.Visualizer.Snippet.js b/botanjs/src/externs/Astro.Blog.AstroEdit.Visualizer.Snippet.js index f8b9308..6673197 100644 --- a/botanjs/src/externs/Astro.Blog.AstroEdit.Visualizer.Snippet.js +++ b/botanjs/src/externs/Astro.Blog.AstroEdit.Visualizer.Snippet.js @@ -3,4 +3,6 @@ Astro.Blog.AstroEdit.Visualizer.Snippet = function(){}; /** @type {Function} */ Astro.Blog.AstroEdit.Visualizer.Snippet.escapeStr; /** @type {Function} */ +Astro.Blog.AstroEdit.Visualizer.Snippet.unescapeStr; +/** @type {Function} */ Astro.Blog.AstroEdit.Visualizer.Snippet.compileProp;
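Review bot: In the `_this.js` hunk at `@@ -4,7 +4,22 @@`, `escapeStr` and `unescapeStr` are not exact inverses, because the escape character itself is never escaped. As rendered on this page the replacement strings look identical to the characters they replace (and `/[/g` would not parse), so the entity text was presumably decoded by the page. Assuming the real replacements are HTML entities, a value that already contains such an entity as literal text passes through `escapeStr` unchanged and comes back from `unescapeStr` as a raw `[`, `]` or `"`, so the author's text changes after one edit cycle. Escaping the ampersand first in `escapeStr`, `.replace( /&/g, "&amp;" )`, and restoring it last in `unescapeStr`, `.replace( /&amp;/g, "&" )`, would make the round trip lossless, provided whatever renders the stored markup decodes it as well. Separately, the `if( !str ) return str;` guard covers only falsy input; a truthy non-string (for example `override.size` in Heading.js, if the parser ever yields a number) would throw on `.replace`, so a `typeof str !== "string"` check may be safer.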