
Don't render unescaped urls.

JC Brand 9 年之前
父節點
當前提交
b6fcc9b79d
共有 2 個文件被更改,包括 23 次插入22 次删除
  1. 4 9
      spec/chatbox.js
  2. 19 13
      src/utils.js

+ 4 - 9
spec/chatbox.js

@@ -862,11 +862,6 @@
                 });
 
                 it("will have properly escaped URLs", function () {
-                    if (/PhantomJS/.test(window.navigator.userAgent)) {
-                        // Flaky under PhantomJS due to timeouts
-                        return;
-                    }
-                    // TODO: make these local urls
                     var message, msg;
                     var contact_jid = mock.cur_names[0].replace(/ /g,'.').toLowerCase() + '@localhost';
                     test_utils.openChatBoxFor(contact_jid);
@@ -876,7 +871,7 @@
                         message = "http://www.opkode.com/'onmouseover='alert(1)'whatever";
                         test_utils.sendMessage(view, message);
                     });
-                    waits(500);
+                    waits(50);
                     runs(function () {
                         expect(view.sendMessage).toHaveBeenCalled();
                         msg = view.$el.find('.chat-content').find('.chat-message').last().find('.chat-msg-content');
@@ -886,7 +881,7 @@
                         message = 'http://www.opkode.com/"onmouseover="alert(1)"whatever';
                         test_utils.sendMessage(view, message);
                     });
-                    waits(500);
+                    waits(50);
                     runs(function () {
                         expect(view.sendMessage).toHaveBeenCalled();
                         msg = view.$el.find('.chat-content').find('.chat-message').last().find('.chat-msg-content');
@@ -896,7 +891,7 @@
                         message = "https://en.wikipedia.org/wiki/Ender's_Game";
                         test_utils.sendMessage(view, message);
                     });
-                    waits(500);
+                    waits(50);
                     runs(function () {
                         expect(view.sendMessage).toHaveBeenCalled();
                         msg = view.$el.find('.chat-content').find('.chat-message').last().find('.chat-msg-content');
@@ -906,7 +901,7 @@
                         message = "https://en.wikipedia.org/wiki/Ender%27s_Game";
                         test_utils.sendMessage(view, message);
                     });
-                    waits(500);
+                    waits(50);
                     runs(function () {
                         expect(view.sendMessage).toHaveBeenCalled();
                         msg = view.$el.find('.chat-content').find('.chat-message').last().find('.chat-msg-content');
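Review bot: The `waits(50)` that replaces `waits(500)` in each of these hunks is still a fixed sleep, and since the commit now inserts the anchor synchronously via `$obj.html(x)` in `addHyperlinks` it is unclear the test needs any wait before asserting on `.chat-msg-content`; if `test_utils.sendMessage` is asynchronous, a condition-based `waitsFor(function () { return view.$el.find('.chat-content .chat-message').length > 0; })` would be less flaky than a 50 ms sleep. The first hunk drops the `// TODO: make these local urls` comment, yet the message URLs here still point at opkode.com and wikipedia.org; if `isImage` tries to load them, this spec continues to depend on the network, so the TODO seems to have been removed rather than resolved. The `it("will have properly escaped URLs")` body, including the expectations on `msg`, continues past the last hunk.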

+ 19 - 13
src/utils.js

@@ -49,21 +49,27 @@
     $.fn.addHyperlinks = function () {
         if (this.length > 0) {
             this.each(function (i, obj) {
+                var prot, escaped_url;
                 var $obj = $(obj);
                 var x = $obj.html();
-                _.each(x.match(/\b(https?:\/\/|www\.|https?:\/\/www\.)[^\s<]{2,200}\b/g), function (url) {
-                    isImage(url)
-                        .then(function () {
-                            event.target.className = 'chat-image';
-                            x = x.replace(url, event.target.outerHTML);
-                            $obj.throttledHTML(x);
-                        })
-                        .fail(function () {
-                            var prot = url.indexOf('http://') === 0 || url.indexOf('https://') === 0 ? '' : 'http://';
-                            var escaped_url = encodeURI(decodeURI(url)).replace(/[!'()]/g, escape).replace(/\*/g, "%2A");
-                            x = x.replace(url, '<a target="_blank" rel="noopener" href="' + prot + escaped_url + '">'+ url + '</a>' );
-                            $obj.throttledHTML(x);
-                        });
+                var list = x.match(/\b(https?:\/\/|www\.|https?:\/\/www\.)[^\s<]{2,200}\b/g );
+                if (list) {
+                    for (i=0; i<list.length; i++) {
+                        prot = list[i].indexOf('http://') === 0 || list[i].indexOf('https://') === 0 ? '' : 'http://';
+                        escaped_url = encodeURI(decodeURI(list[i])).replace(/[!'()]/g, escape).replace(/\*/g, "%2A");
+                        x = x.replace(list[i], '<a target="_blank" rel="noopener" href="' + prot + escaped_url + '">'+ list[i] + '</a>' );
+                    }
+                }
+                $obj.html(x);
+                _.each(list, function (url) {
+                    isImage(url).then(function () {
+                        var prot = url.indexOf('http://') === 0 || url.indexOf('https://') === 0 ? '' : 'http://';
+                        var escaped_url = encodeURI(decodeURI(url)).replace(/[!'()]/g, escape).replace(/\*/g, "%2A");
+                        var new_url = '<a target="_blank" rel="noopener" href="' + prot + escaped_url + '">'+ url + '</a>';
+                        event.target.className = 'chat-image';
+                        x = x.replace(new_url, event.target.outerHTML);
+                        $obj.throttledHTML(x);
+                    });
                 });
             });
         }
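Review bot: The per-URL `x.replace(list[i], …)` in the `for` loop replaces only the first occurrence of a plain-string pattern, so when the same URL appears twice in one element the second iteration hits the markup already generated for the first occurrence (the `href` value when escaping left it unchanged, otherwise the anchor text), corrupting the attribute or nesting anchors while the second occurrence stays unlinked; the `x.replace(new_url, …)` in the `isImage` handler has the same first-occurrence behaviour. `decodeURI` also throws `URIError` on a malformed percent-sequence such as a trailing `%`, and the new loop has no handler, so one bad link now aborts `addHyperlinks` for the whole element instead of failing inside the old promise callback. Doing the substitution as a single `String.replace` with the global regex and a callback handles every occurrence in one pass and gives a natural place to catch the `URIError`; the `i` in `for (i=0; …)` also overwrites the `each` callback's index parameter and should be a local. `event.target` in the `then` handler is pre-existing but appears to rely on the non-standard `window.event` global — worth confirming it is defined in the browsers you target.
```javascript
                var $obj = $(obj);
                var x = $obj.html();
                var url_re = /\b(https?:\/\/|www\.|https?:\/\/www\.)[^\s<]{2,200}\b/g;
                var list = x.match(url_re);
                // Single pass: every occurrence is rewritten in place, so a repeated
                // URL cannot re-target markup generated for an earlier occurrence.
                x = x.replace(url_re, function (url) {
                    var prot = url.indexOf('http://') === 0 || url.indexOf('https://') === 0 ? '' : 'http://';
                    var escaped_url;
                    try {
                        escaped_url = encodeURI(decodeURI(url));
                    } catch (e) {
                        // decodeURI throws URIError on a malformed %-sequence;
                        // one bad link must not abort rendering of the element.
                        escaped_url = encodeURI(url);
                    }
                    escaped_url = escaped_url.replace(/[!'()]/g, escape).replace(/\*/g, "%2A");
                    return '<a target="_blank" rel="noopener" href="' + prot + escaped_url + '">' + url + '</a>';
                });
                $obj.html(x);
                // … unchanged: isImage follow-up over `list` …
```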