From 8ac511ef3fe4274530bebcfc5781a614507c3941 Mon Sep 17 00:00:00 2001
From: yasushiito
Date: Sat, 13 Dec 2014 15:50:37 +0900
Subject: [PATCH] fix escape html
---
 app/assets/javascripts/controllers/artists.js.coffee | 2 +-
 app/assets/javascripts/controllers/ground_pictures.js.coffee | 2 +-
 .../body/file_body/file_item/caption/default/face/column.js.coffee | 2 +-
 app/assets/javascripts/locmare/profiler/column/base.js.coffee | 4 ++--
 .../locmare/profiler/column/extend/extend_column.js.coffee | 2 +-
 app/assets/javascripts/models/comic_story.js.coffee | 2 +-
 app/assets/javascripts/models/folder.js.coffee | 2 +-
 app/assets/javascripts/models/ground_picture.js.coffee | 2 +-
 app/assets/javascripts/models/license.js.coffee | 2 +-
 app/assets/javascripts/models/panel_picture.js.coffee | 2 +-
 app/assets/javascripts/models/speech.js.coffee | 2 +-
 app/assets/javascripts/models/speech_balloon.js.coffee | 2 +-
 app/assets/javascripts/pettanr.js.coffee | 2 +-
 app/assets/javascripts/views/common.js.coffee | 2 +-
 app/assets/javascripts/views/ground_colors/element_face.js.coffee | 5 ++++-
 app/assets/javascripts/views/ground_pictures/element_face.js.coffee | 5 ++++-
 app/assets/javascripts/views/panel_pictures/element_face.js.coffee | 5 ++++-
 app/assets/javascripts/views/show.js.coffee | 4 ++--
 app/assets/javascripts/views/speech_balloons/element_face.js.coffee | 5 ++++-
 app/assets/javascripts/views/top/account.js.coffee | 6 +++++-
 20 files changed, 38 insertions(+), 22 deletions(-)
diff --git a/app/assets/javascripts/controllers/artists.js.coffee b/app/assets/javascripts/controllers/artists.js.coffee
index bee94dfe..999793bc 100644
--- a/app/assets/javascripts/controllers/artists.js.coffee
+++ b/app/assets/javascripts/controllers/artists.js.coffee
@@ -6,7 +6,7 @@ class Pettanr.ArtistsController extends Pettanr.AppController show_html: () -> @item.fetch({cache: true}).done => - @redraw_title(@params, @item.get('title')) + @redraw_title(@params, @item.get('name')) view = new Pettanr.Views.Artist.Show({ el: "#pettanr", item: @item, diff --git a/app/assets/javascripts/controllers/ground_pictures.js.coffee b/app/assets/javascripts/controllers/ground_pictures.js.coffee index 41e10aa9..f357d62a 100644 --- a/app/assets/javascripts/controllers/ground_pictures.js.coffee +++ b/app/assets/javascripts/controllers/ground_pictures.js.coffee @@ -15,7 +15,7 @@ class Pettanr.GroundPicturesController extends Pettanr.AppController show_html: () -> @redraw_title(@params) @item.fetch({cache: true}).done => - @redraw_title(@params, @item.get('caption')) + @redraw_title(@params, @item.eget('caption')) view = new Pettanr.Views.GroundPicture.Show({ el: "#pettanr", item: @item, diff --git a/app/assets/javascripts/locmare/filer/body/file_body/file_item/caption/default/face/column.js.coffee b/app/assets/javascripts/locmare/filer/body/file_body/file_item/caption/default/face/column.js.coffee index 9e98f828..e1485553 100644 --- a/app/assets/javascripts/locmare/filer/body/file_body/file_item/caption/default/face/column.js.coffee +++ b/app/assets/javascripts/locmare/filer/body/file_body/file_item/caption/default/face/column.js.coffee @@ -12,5 +12,5 @@ class Locmare.FilerModule.BodyModule.FileBodyModule.FileItemModule.CaptionItemCo this face: () -> - @item.get(@my_manifest.column_name) + @item.escape(@my_manifest.column_name) diff --git a/app/assets/javascripts/locmare/profiler/column/base.js.coffee b/app/assets/javascripts/locmare/profiler/column/base.js.coffee index cb9802ec..41578462 100644 --- a/app/assets/javascripts/locmare/profiler/column/base.js.coffee +++ b/app/assets/javascripts/locmare/profiler/column/base.js.coffee 
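Review bot: `@item.eget('caption')` in the ground_pictures controller hunk calls a method that Backbone models do not provide and that no other hunk in this patch uses, so unless `eget` is a project helper defined outside this diff, the `done` callback will raise a TypeError; every other call site here uses `escape`. Separately, `redraw_title` (pettanr.js.coffee hunk) hands the string to `$(document).attr('title', ...)`, which appears to set the title as plain text rather than parse it as HTML, so an escaped caption would show literal entities such as `&amp;` in the title bar. The raw value looks like the right argument, `@redraw_title(@params, @item.get('caption'))`, and the same reasoning applies to the `_.escape(...)` added around `site_caption` in that later hunk. The controller class continues outside the hunk.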
@@ -56,7 +56,7 @@ class Locmare.ProfilerModule.ColumnModule.Value extends Backbone.View this value: () -> - @column.item().get(@column.column_name) + @column.item().escape(@column.column_name) class Locmare.ProfilerModule.ColumnModule.DateValue extends Backbone.View tagName: 'span' @@ -83,7 +83,7 @@ class Locmare.ProfilerModule.ColumnModule.JsonValue extends Backbone.View this value: () -> - JSON.stringify(JSON.parse(@column.item().get(@column.column_name)), 2) + JSON.stringify(JSON.parse(@column.item().escape(@column.column_name)), 2) class Locmare.ProfilerModule.ColumnModule.ExtendValue extends Backbone.View tagName: 'div' diff --git a/app/assets/javascripts/locmare/profiler/column/extend/extend_column.js.coffee b/app/assets/javascripts/locmare/profiler/column/extend/extend_column.js.coffee index 4746873a..1ee15917 100644 --- a/app/assets/javascripts/locmare/profiler/column/extend/extend_column.js.coffee +++ b/app/assets/javascripts/locmare/profiler/column/extend/extend_column.js.coffee @@ -49,7 +49,7 @@ class Locmare.ProfilerModule.ColumnModule.ExtendModule.Value extends Backbone.Vi this value: () -> - @extend_item().get(@extend_column.extend_column_name) + @extend_item().escape(@extend_column.extend_column_name) extend_item: () -> @column.extend_item() diff --git a/app/assets/javascripts/models/comic_story.js.coffee b/app/assets/javascripts/models/comic_story.js.coffee index c8cfc2bc..f45e3a37 100644 --- a/app/assets/javascripts/models/comic_story.js.coffee +++ b/app/assets/javascripts/models/comic_story.js.coffee @@ -27,7 +27,7 @@ class Pettanr.ComicStory extends Peta.Leaf I18n.t('comic_stories.show.t', {t: @disp_t()}) title: () -> - @disp_t_by_text() + ':' + @story().get('title') + @disp_t_by_text() + ':' + @story().escape('title') initialize: () -> if @id diff --git a/app/assets/javascripts/models/folder.js.coffee b/app/assets/javascripts/models/folder.js.coffee index dafdf520..5e8e8b3e 100644 --- a/app/assets/javascripts/models/folder.js.coffee 
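Review bot: In `JsonValue.value` (the `@@ -83,7` hunk of base.js.coffee) the attribute is HTML-escaped before it reaches `JSON.parse`, so every `"` in the stored JSON becomes `&quot;` and parsing will throw for any document that contains a string or an object key. Escaping belongs on the serialized output instead: `_.escape(JSON.stringify(JSON.parse(@column.item().get(@column.column_name)), null, 2))`. The existing call also passes `2` in the replacer position, so no indentation is applied; `null, 2` is presumably what was intended. The class body starts and ends outside the hunk.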
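Review bot: `title()` in Pettanr.ComicStory now returns HTML-escaped text, but neither its name nor a comment says so, and `Pettanr.Views.Show.Header` in this same patch wraps `@title` in `_.escape`. If a model title like this one is what reaches that view (not visible in the diff), an `&` in a story title would be displayed as `&amp;`. Escaping at one layer only, preferably the view that builds the markup, avoids this; otherwise document the contract with a comment such as `# returns HTML-escaped text; callers must not escape again`. The same applies to `caption_text` as set in the folder, license and speech_balloon model hunks.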
+++ b/app/assets/javascripts/models/folder.js.coffee @@ -16,7 +16,7 @@ class Pettanr.Folder extends Peta.Owner @get('name').replace(/\/$/, '').split('/').pop() filer_caption: () -> - @caption_text = @caption() + @caption_text = _.escape(@caption()) @trigger('ready:caption') is_remote: () -> diff --git a/app/assets/javascripts/models/ground_picture.js.coffee b/app/assets/javascripts/models/ground_picture.js.coffee index 0682e06a..ec7bf157 100644 --- a/app/assets/javascripts/models/ground_picture.js.coffee +++ b/app/assets/javascripts/models/ground_picture.js.coffee @@ -30,7 +30,7 @@ class Pettanr.GroundPicture extends Peta.Element new Pettanr.Image.SymbolPicture({ attr: { src: picture.r_url(), - alt: @get('caption') + alt: @escape('caption') }, picture: picture }) diff --git a/app/assets/javascripts/models/license.js.coffee b/app/assets/javascripts/models/license.js.coffee index 466b8410..7c4799fb 100644 --- a/app/assets/javascripts/models/license.js.coffee +++ b/app/assets/javascripts/models/license.js.coffee @@ -26,7 +26,7 @@ class Pettanr.License extends Peta.SystemResource caption_with_group: () -> i = @license_group() i.fetch({cache: true}).done => - @caption_text = i.get('caption') + '/' + @get('caption') + @caption_text = i.escape('caption') + '/' + @escape('caption') @trigger('ready:caption') initialize: () -> diff --git a/app/assets/javascripts/models/panel_picture.js.coffee b/app/assets/javascripts/models/panel_picture.js.coffee index 01a2c5bf..57ecedcf 100644 --- a/app/assets/javascripts/models/panel_picture.js.coffee +++ b/app/assets/javascripts/models/panel_picture.js.coffee @@ -44,7 +44,7 @@ class Pettanr.PanelPicture extends Peta.Element new Pettanr.Image.SymbolPicture({ attr: { src: picture.r_url(), - alt: @get('caption') + alt: @escape('caption') }, picture: picture }) diff --git a/app/assets/javascripts/models/speech.js.coffee b/app/assets/javascripts/models/speech.js.coffee index 97e5a62f..42e53d73 100644 
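Review bot: `alt: @escape('caption')` in the ground_picture.js.coffee hunk puts an entity-encoded string into the `attr` hash of `Pettanr.Image.SymbolPicture`, and whether that is correct depends on how those attributes are applied, which the hunk does not show. If they are set through jQuery's `.attr()` or `setAttribute`, the DOM already treats the value as text and the caption will carry literal `&lt;` or `&amp;`; escaping is only needed if the tag is assembled by string concatenation. This is worth confirming and recording in a short comment next to `attr:`, for example `# attr values are concatenated into markup, so they must be escaped`. The panel_picture.js.coffee hunk adds the identical line.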
--- a/app/assets/javascripts/models/speech.js.coffee +++ b/app/assets/javascripts/models/speech.js.coffee @@ -36,7 +36,7 @@ class Pettanr.Speech extends Peta.Element scenario: () -> @boosts('read') - @render(@get('content')) + @render(@escape('content')) initialize: () -> diff --git a/app/assets/javascripts/models/speech_balloon.js.coffee b/app/assets/javascripts/models/speech_balloon.js.coffee index a29eabd6..341fc01e 100644 --- a/app/assets/javascripts/models/speech_balloon.js.coffee +++ b/app/assets/javascripts/models/speech_balloon.js.coffee @@ -32,7 +32,7 @@ class Pettanr.SpeechBalloon extends Peta.Element filer_caption: () -> @fetch({cache: true}).done => - @caption_text = @get('caption') + @caption_text = @escape('caption') @trigger('ready:caption') plain_scenario: () -> diff --git a/app/assets/javascripts/pettanr.js.coffee b/app/assets/javascripts/pettanr.js.coffee index f267f65f..6685799e 100644 --- a/app/assets/javascripts/pettanr.js.coffee +++ b/app/assets/javascripts/pettanr.js.coffee @@ -198,7 +198,7 @@ class Pettanr redraw_title: (params, str = null) -> t = str || I18n.t(params['controller'] + '.' + params['action'] + '.title') - site_caption = Manifest.manifest().magic_numbers.profile.users.caption + site_caption = _.escape(Manifest.manifest().magic_numbers.profile.users.caption) $(document).attr('title', t + ' - ' + site_caption) #>> https://gist.github.com/davidjbeveridge/3813724 diff --git a/app/assets/javascripts/views/common.js.coffee b/app/assets/javascripts/views/common.js.coffee index e958bde3..a283bdff 100644 --- a/app/assets/javascripts/views/common.js.coffee +++ b/app/assets/javascripts/views/common.js.coffee @@ -48,7 +48,7 @@ class Pettanr.Views.Common.Caption extends Backbone.View @linked_name = new Tag.A({ attr: {href: '/' + @url}, handler_name: @url, - content: @name + content: _.escape(@name) }) render: () -> 
diff --git a/app/assets/javascripts/views/ground_colors/element_face.js.coffee b/app/assets/javascripts/views/ground_colors/element_face.js.coffee index 47615654..ee9f75d6 100644 --- a/app/assets/javascripts/views/ground_colors/element_face.js.coffee +++ b/app/assets/javascripts/views/ground_colors/element_face.js.coffee @@ -10,7 +10,10 @@ class Pettanr.Views.GroundColor.ElementFace extends Backbone.View symbol = new Pettanr.Views.GroundColor.Symbol({item: @element, class_name: 'elements-tab-face-icon'}) this.$el.append(symbol.render().el) name = Pettanr.truncate(@element.get('caption'), 15) - caption = new Tag.Span({class_name: 'elements-tab-face-caption', content: name}) + caption = new Tag.Span({ + class_name: 'elements-tab-face-caption', + content: _.escape(name) + }) this.$el.append(caption.render().el) fe = new Tag.Div({class_name: 'elements-tab-face-end'}) this.$el.append(fe.render().el) diff --git a/app/assets/javascripts/views/ground_pictures/element_face.js.coffee b/app/assets/javascripts/views/ground_pictures/element_face.js.coffee index 43870b07..42a4b565 100644 --- a/app/assets/javascripts/views/ground_pictures/element_face.js.coffee +++ b/app/assets/javascripts/views/ground_pictures/element_face.js.coffee @@ -24,7 +24,10 @@ class Pettanr.Views.GroundPicture.ElementFace extends Backbone.View symbol = new Pettanr.Views.GroundPicture.ElementSymbol({element: @element}) this.$el.append(symbol.render().el) name = Pettanr.truncate(@element.get('caption'), 15) - caption = new Tag.Span({class_name: 'elements-tab-face-caption', content: name}) + caption = new Tag.Span({ + class_name: 'elements-tab-face-caption', + content: _.escape(name) + }) this.$el.append(caption.render().el) fe = new Tag.Div({class_name: 'elements-tab-face-end'}) this.$el.append(fe.render().el) diff --git a/app/assets/javascripts/views/panel_pictures/element_face.js.coffee b/app/assets/javascripts/views/panel_pictures/element_face.js.coffee index 88368a74..1776ec28 100644 
--- a/app/assets/javascripts/views/panel_pictures/element_face.js.coffee +++ b/app/assets/javascripts/views/panel_pictures/element_face.js.coffee @@ -24,7 +24,10 @@ class Pettanr.Views.PanelPicture.ElementFace extends Backbone.View symbol = new Pettanr.Views.PanelPicture.ElementSymbol({element: @element}) this.$el.append(symbol.render().el) name = Pettanr.truncate(@element.get('caption'), 15) - caption = new Tag.Span({class_name: 'elements-tab-face-caption', content: name}) + caption = new Tag.Span({ + class_name: 'elements-tab-face-caption', + content: _.escape(name) + }) this.$el.append(caption.render().el) fe = new Tag.Div({class_name: 'elements-tab-face-end'}) this.$el.append(fe.render().el) diff --git a/app/assets/javascripts/views/show.js.coffee b/app/assets/javascripts/views/show.js.coffee index e7425ff2..3035497c 100644 --- a/app/assets/javascripts/views/show.js.coffee +++ b/app/assets/javascripts/views/show.js.coffee @@ -22,7 +22,7 @@ class Pettanr.Views.Show.Header extends Backbone.View attr: {href: '/' + @caption_url}, handler_name: @caption_url, class_name: 'caption', - content: @title + content: _.escape(@title) }) @prof = new Pettanr.Image.SymbolImg({attr: {src: '/images/prof.gif'}, half: true}) @prof_button = new Tag.A({ @@ -46,7 +46,7 @@ class Pettanr.Views.Show.HeaderAuthor extends Backbone.View @item = options.item @author = @item.author() @author.fetch({cache: true}).done => - name = @author.get('name') + name = @author.escape('name') author_url = Pettanr.url(@author.table_name(), 'show', {id: @author.get('id')}) @linked_author = new Tag.A({ attr: {href: '/' + author_url}, diff --git a/app/assets/javascripts/views/speech_balloons/element_face.js.coffee b/app/assets/javascripts/views/speech_balloons/element_face.js.coffee index 8c0bc0f0..d5135e46 100644 --- a/app/assets/javascripts/views/speech_balloons/element_face.js.coffee +++ b/app/assets/javascripts/views/speech_balloons/element_face.js.coffee 
@@ -27,7 +27,10 @@ class Pettanr.Views.SpeechBalloon.ElementFace extends Backbone.View this.$el.append(symbol.render().el) speech = @element.get('speech') name = Pettanr.truncate(speech.get('content'), 15) - caption = new Tag.Span({class_name: 'elements-tab-face-caption', content: name}) + caption = new Tag.Span({ + class_name: 'elements-tab-face-caption', + content: _.escape(name) + }) this.$el.append(caption.render().el) rb = new Tag.RowBreak() this.$el.append(rb.render().el) diff --git a/app/assets/javascripts/views/top/account.js.coffee b/app/assets/javascripts/views/top/account.js.coffee index 5bd7fb8e..f2902747 100644 --- a/app/assets/javascripts/views/top/account.js.coffee +++ b/app/assets/javascripts/views/top/account.js.coffee @@ -12,7 +12,11 @@ class Pettanr.Views.Top.Account extends Backbone.View if ar = @operators.artist artist = ar.icon_with_caption_view() this.$el.append(artist.render().el) - sign_out = new Tag.A({attr: {href: '/'}, class_name: 'sign_out', content: 'sign out'}) + sign_out = new Tag.A({ + attr: {href: '/'}, + class_name: 'sign_out', + content: 'sign out' + }) this.$el.append(sign_out.render().el) @delegateEvents({'click .sign_out': 'sign_out'}) this -- 2.11.0