- strip dangerous html for blog/discussions/comments

- fix for wrong-working all-filter in forum git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@10520 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
2025-08-07 17:49:17 +00:00 · 2008-08-26 14:53:36 +00:00
parent 0cbea60cf6
commit 2dc4ddcef0
5 changed files with 7 additions and 7 deletions
--- a/config/alfresco/templates/webscripts/org/alfresco/repository/blogs/blogpost.lib.ftl
+++ b/config/alfresco/templates/webscripts/org/alfresco/repository/blogs/blogpost.lib.ftl
@@ -16,9 +16,9 @@
 <#macro addContent item>
 <#escape x as jsonUtils.encodeJSONString(x)>
   <#if (contentLength?? && contentLength > -1 && (item.node.content?length > contentLength))>
-      "content" : "${item.node.content?substring(0, contentLength)}",
+      "content" : "${stringUtils.stripUnsafeHTML(item.node.content?substring(0, contentLength))}",
   <#else>
-      "content" : "${item.node.content}",
+      "content" : "${stringUtils.stripUnsafeHTML(item.node.content)}",
   </#if>
 </#escape>
 </#macro>
--- a/config/alfresco/templates/webscripts/org/alfresco/repository/blogs/posts/blog-posts.get.js
+++ b/config/alfresco/templates/webscripts/org/alfresco/repository/blogs/posts/blog-posts.get.js
@@ -72,7 +72,7 @@ function main()
   }
   
   // selected tag
-   var tag = args["tag"] != undefined && args["tag"].length > 0 ? args["tag"] : null;
+   var tag = (args["tag"] != undefined && args["tag"].length > 0) ? args["tag"] : null;
   
   // fetch and assign the data
   model.data = getBlogPostList(node, fromDate, toDate, tag, index, count);
--- a/config/alfresco/templates/webscripts/org/alfresco/repository/comments/comment.lib.ftl
+++ b/config/alfresco/templates/webscripts/org/alfresco/repository/comments/comment.lib.ftl
@@ -24,7 +24,7 @@
 	"nodeRef" : "${item.node.nodeRef}",
 	"name" : "${item.node.properties.name!''}",
    "title" : "${item.node.properties.title!''}",
-	"content" : "${item.node.content}",
+	"content" : "${stringUtils.stripUnsafeHTML(item.node.content)}",
   <#if item.author??>
   <@renderPerson person=item.author fieldName="author" />
   <#else>
--- a/config/alfresco/templates/webscripts/org/alfresco/repository/discussions/forum/forum-posts.get.js
+++ b/config/alfresco/templates/webscripts/org/alfresco/repository/discussions/forum/forum-posts.get.js
@@ -36,7 +36,7 @@ function main()
   var count = args["pageSize"] != undefined ? parseInt(args["pageSize"]) : 10;

   // selected tag
-   var tag = args["tag"] != undefined && args["tag"].length > 0 ? args["tag"] : null;
+   var tag = (args["tag"] != undefined && args["tag"].length > 0) ? args["tag"] : null;

   model.data = getTopicPostList(node, tag, index, count);
    
--- a/config/alfresco/templates/webscripts/org/alfresco/repository/discussions/post.lib.ftl
+++ b/config/alfresco/templates/webscripts/org/alfresco/repository/discussions/post.lib.ftl
@@ -16,9 +16,9 @@
 <#macro addContent post>
 <#escape x as jsonUtils.encodeJSONString(x)>
   <#if (contentLength?? && contentLength > -1 && (post.content?length > contentLength))>
-      "content" : "${post.content?substring(0, contentLength)}",
+      "content" : "${stringUtils.stripUnsafeHTML(post.content?substring(0, contentLength))}",
   <#else>
-      "content" : "${post.content}",
+      "content" : "${stringUtils.stripUnsafeHTML(post.content)}",
   </#if>
 </#escape>
 </#macro>