From 2dc4ddcef0d406084d700f1b3125708672aad11f Mon Sep 17 00:00:00 2001
From: Michael Ru
Date: Tue, 26 Aug 2008 14:53:36 +0000
Subject: [PATCH] - strip dangerous html for blog/discussions/comments - fix for wrong-working all-filter in forum
git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@10520 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
---
 .../webscripts/org/alfresco/repository/blogs/blogpost.lib.ftl | 4 ++--
 .../org/alfresco/repository/blogs/posts/blog-posts.get.js | 2 +-
 .../org/alfresco/repository/comments/comment.lib.ftl | 2 +-
 .../alfresco/repository/discussions/forum/forum-posts.get.js | 2 +-
 .../org/alfresco/repository/discussions/post.lib.ftl | 4 ++--
 5 files changed, 7 insertions(+), 7 deletions(-)
diff --git a/config/alfresco/templates/webscripts/org/alfresco/repository/blogs/blogpost.lib.ftl b/config/alfresco/templates/webscripts/org/alfresco/repository/blogs/blogpost.lib.ftl
index 7f3a11140d..3ed2dee382 100644
--- a/config/alfresco/templates/webscripts/org/alfresco/repository/blogs/blogpost.lib.ftl
+++ b/config/alfresco/templates/webscripts/org/alfresco/repository/blogs/blogpost.lib.ftl
@@ -16,9 +16,9 @@
 <#macro addContent item>
 <#escape x as jsonUtils.encodeJSONString(x)>
 <#if (contentLength?? && contentLength > -1 && (item.node.content?length > contentLength))>
- "content" : "${item.node.content?substring(0, contentLength)}",
+ "content" : "${stringUtils.stripUnsafeHTML(item.node.content?substring(0, contentLength))}",
 <#else>
- "content" : "${item.node.content}",
+ "content" : "${stringUtils.stripUnsafeHTML(item.node.content)}",
diff --git a/config/alfresco/templates/webscripts/org/alfresco/repository/blogs/posts/blog-posts.get.js b/config/alfresco/templates/webscripts/org/alfresco/repository/blogs/posts/blog-posts.get.js
index bcad947189..fd31c3026c 100644
--- a/config/alfresco/templates/webscripts/org/alfresco/repository/blogs/posts/blog-posts.get.js
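Review bot: In blogpost.lib.ftl the truncated branch hands `item.node.content?substring(0, contentLength)` to `stripUnsafeHTML`, so the sanitizer can receive a string cut in the middle of a tag, attribute or entity, and nothing visible here shows how it treats such a fragment. Truncating first and sanitizing second is the right order, since the emitted text is then exactly what the sanitizer returned; a comment above the `<#if>` would keep it that way, e.g. `<#-- truncate first, then sanitize: the emitted text must be the sanitizer's own output -->`. A regression test whose cut point falls inside a tag would confirm the excerpt stays well-formed. The same two lines in post.lib.ftl need the same comment and test; the end of the `addContent` macro lies outside this hunk.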
+++ b/config/alfresco/templates/webscripts/org/alfresco/repository/blogs/posts/blog-posts.get.js
@@ -72,7 +72,7 @@ function main()
 }
 // selected tag
- var tag = args["tag"] != undefined && args["tag"].length > 0 ? args["tag"] : null;
+ var tag = (args["tag"] != undefined && args["tag"].length > 0) ? args["tag"] : null;
 // fetch and assign the data
 model.data = getBlogPostList(node, fromDate, toDate, tag, index, count);
diff --git a/config/alfresco/templates/webscripts/org/alfresco/repository/comments/comment.lib.ftl b/config/alfresco/templates/webscripts/org/alfresco/repository/comments/comment.lib.ftl
index 28fa72309e..ddf724b303 100644
--- a/config/alfresco/templates/webscripts/org/alfresco/repository/comments/comment.lib.ftl
+++ b/config/alfresco/templates/webscripts/org/alfresco/repository/comments/comment.lib.ftl
@@ -24,7 +24,7 @@
 "nodeRef" : "${item.node.nodeRef}",
 "name" : "${item.node.properties.name!''}",
 "title" : "${item.node.properties.title!''}",
- "content" : "${item.node.content}",
+ "content" : "${stringUtils.stripUnsafeHTML(item.node.content)}",
 <#if item.author??>
 <@renderPerson person=item.author fieldName="author" />
 <#else>
diff --git a/config/alfresco/templates/webscripts/org/alfresco/repository/discussions/forum/forum-posts.get.js b/config/alfresco/templates/webscripts/org/alfresco/repository/discussions/forum/forum-posts.get.js
index 1be08c2b36..7ab9710b14 100644
--- a/config/alfresco/templates/webscripts/org/alfresco/repository/discussions/forum/forum-posts.get.js
+++ b/config/alfresco/templates/webscripts/org/alfresco/repository/discussions/forum/forum-posts.get.js
@@ -36,7 +36,7 @@ function main()
 var count = args["pageSize"] != undefined ? parseInt(args["pageSize"]) : 10;
 // selected tag
- var tag = args["tag"] != undefined && args["tag"].length > 0 ? args["tag"] : null;
+ var tag = (args["tag"] != undefined && args["tag"].length > 0) ? args["tag"] : null;
 model.data = getTopicPostList(node, tag, index, count);
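Review bot: The parentheses added around the `tag` condition in blog-posts.get.js do not change evaluation, because `!=`, `>` and `&&` already bind tighter than `?:`; the identical edit in forum-posts.get.js is equally a no-op. If the forum "all" filter named in the commit message was misbehaving, the cause has to be elsewhere, possibly in how `getTopicPostList` treats a null or empty `tag`, which is not visible here. Since `tag` comes directly from the request `args`, a comment such as `// tag is untrusted request input; the list helper must escape it before it reaches a query` would record the expectation, assuming the helper builds a query from it. main() starts and ends outside both hunks.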
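Review bot: In comment.lib.ftl only `content` is passed through `stripUnsafeHTML`; the `name` and `title` properties in the lines just above it are still emitted as stored, and they are presumably user-supplied as well. If a consuming page inserts those values as HTML rather than as text, the sanitizing of `content` alone leaves a gap, and the hunk does not show whether an enclosing `<#escape>` is in effect for them. At minimum the contract should be written down next to the fields, e.g. `<#-- name and title are plain text: consumers must HTML-encode them before display -->`. The macro containing these lines begins and ends outside the hunk.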
diff --git a/config/alfresco/templates/webscripts/org/alfresco/repository/discussions/post.lib.ftl b/config/alfresco/templates/webscripts/org/alfresco/repository/discussions/post.lib.ftl
index b1fa8f49ca..8ff3811cbe 100644
--- a/config/alfresco/templates/webscripts/org/alfresco/repository/discussions/post.lib.ftl
+++ b/config/alfresco/templates/webscripts/org/alfresco/repository/discussions/post.lib.ftl
@@ -16,9 +16,9 @@
 <#macro addContent post>
 <#escape x as jsonUtils.encodeJSONString(x)>
 <#if (contentLength?? && contentLength > -1 && (post.content?length > contentLength))>
- "content" : "${post.content?substring(0, contentLength)}",
+ "content" : "${stringUtils.stripUnsafeHTML(post.content?substring(0, contentLength))}",
 <#else>
- "content" : "${post.content}",
+ "content" : "${stringUtils.stripUnsafeHTML(post.content)}",