cleaned up some of the XSS scrubbing

This commit is contained in:
ali asaria 2011-03-12 12:04:34 -05:00
parent 2870f10968
commit ae247f09bf
2 changed files with 30 additions and 20 deletions


@ -279,16 +279,16 @@
} else if ('submit' == settings.onblur) { } else if ('submit' == settings.onblur) {
input.blur(function(e) { input.blur(function(e) {
/* prevent double submit if submit was clicked */ /* prevent double submit if submit was clicked */
t = setTimeout(function() { //t = setTimeout(function() {
form.submit(); form.submit();
}, 200); //}, 200);
}); });
//ali here: i hacked this in so that submit happens on mouseout too //ali here: i hacked this in so that submit happens on mouseout too
input.mouseout(function(e) { input.mouseout(function(e) {
/* prevent double submit if submit was clicked */ /* prevent double submit if submit was clicked */
t = setTimeout(function() { //t = setTimeout(function() {
form.submit(); form.submit();
}, 200); //}, 200);
}); });
} else if ($.isFunction(settings.onblur)) { } else if ($.isFunction(settings.onblur)) {
input.blur(function(e) { input.blur(function(e) {
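Review bot: The comment `/* prevent double submit if submit was clicked */` above both the blur and the mouseout handler no longer describes the code beside it once `t = setTimeout(function() {` and `}, 200);` are commented out (the right-hand column, which I take to be the new side): `form.submit()` then runs synchronously on every blur and mouseout, so nothing defers or de-duplicates the submit any more. Either delete the commented-out timer lines and reword the comment to `/* submit immediately on blur/mouseout */`, or restore the timer and remove the `//` markers — commented-out code that contradicts its own comment is the worst of both. Since `t` was assigned without `var`, it presumably was an implicit global cleared elsewhere by the submit click handler, and with the timer gone a click on submit followed by the resulting blur can call `form.submit()` twice unless something outside this hunk guards it. The `settings.onblur` branch chain starts and ends outside the hunk.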


@ -236,35 +236,47 @@ function scrub( text ) {
break; break;
case 'updateColumns': case 'updateColumns':
//@TODO -- scrub each column var columns = message.data;
getRoom( client, function(room) {
setColumns( room, message.data );
});
broadcastToRoom( client, message ); if (!(columns instanceof Array))
break;
var clean_columns = [];
for (i in columns)
{
clean_columns[i] = scrub( columns[i] );
}
setColumns( room, clean_columns );
broadcastToRoom( client, { action: 'updateColumns', data: clean_columns } );
break; break;
case 'changeTheme': case 'changeTheme':
//@TODO -- scrub var clean_message = {};
message.data = scrub(message.data); clean_message.data = scrub(message.data);
getRoom( client, function(room) { getRoom( client, function(room) {
setTheme( room, message.data ); setTheme( room, clean_message.data );
}); });
broadcastToRoom( client, message ); clean_message.action = 'changeTheme';
broadcastToRoom( client, clean_message );
break; break;
case 'setUserName': case 'setUserName':
//@TODO -- scrub var clean_message = {};
name = scrub(message.data);
setUserName(client, name); clean_message.data = scrub(message.data);
setUserName(client, clean_message.data);
var msg = {}; var msg = {};
msg.action = 'nameChangeAnnounce'; msg.action = 'nameChangeAnnounce';
msg.data = { sid: client.sessionId, user_name: name }; msg.data = { sid: client.sessionId, user_name: clean_message.data };
broadcastToRoom( client, msg ); broadcastToRoom( client, msg );
break; break;
@ -434,8 +446,6 @@ function setColumns ( room, columns ) {
columns, columns,
function( item, callback ) { function( item, callback ) {
//console.log('rpush: ' + REDIS_PREFIX + '-room:' + room + '-columns' + ' -- ' + item); //console.log('rpush: ' + REDIS_PREFIX + '-room:' + room + '-columns' + ' -- ' + item);
item = sanitizer.sanitize(item);
redisClient.rpush(REDIS_PREFIX + '-room:' + room + '-columns', item, redisClient.rpush(REDIS_PREFIX + '-room:' + room + '-columns', item,
function (err, res) { function (err, res) {
callback(); callback();