[ckan-changes] commit/ckan: rgrp: [js/datapreview][s]: correct minor issues with rendering of 'plain text' previews.
Bitbucket
commits-noreply at bitbucket.org
Sun Oct 9 09:30:11 UTC 2011
1 new changeset in ckan:
http://bitbucket.org/okfn/ckan/changeset/1603b24bd08e/
changeset: 1603b24bd08e
branch: feature-1357-datapreview
user: rgrp
date: 2011-10-09 11:30:01
summary: [js/datapreview][s]: correct minor issues with rendering of 'plain text' previews.
affected #: 1 file (-1 bytes)
--- a/ckan/public/scripts/application.js Sat Oct 08 17:51:11 2011 +0100
+++ b/ckan/public/scripts/application.js Sun Oct 09 10:30:01 2011 +0100
@@ -828,6 +828,7 @@
var _url = my.jsonpdataproxyUrl + '?type=csv&url=' + preview.url;
my.getResourceDataDirect(_url, function(data) {
my.showPlainTextData(data);
+ DATAEXPLORER.TABLEVIEW.$dialog.dialog('open');
});
}
else {
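Review bot: `preview.url` is concatenated into the proxy query string unencoded on the first line of this hunk, so a resource URL that itself contains `&`, `#` or `?` would be truncated or split into extra proxy parameters. Encoding it keeps the resource URL a single value: `var _url = my.jsonpdataproxyUrl + '?type=csv&url=' + encodeURIComponent(preview.url);`. How the data proxy parses its query is not visible here, so confirm it decodes the parameter exactly once. The enclosing function starts and ends outside the hunk.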
@@ -901,9 +902,10 @@
var content = $('<pre></pre>');
for (var i=0; i<data.data.length; i++) {
var row = data.data[i].join(',') + '\n';
- content.append(dp.escapeHTML(row));
+ content.append(my.escapeHTML(row));
}
- DATAEXPLORER.TABLEVIEW.$dialog.dialog('option', DATAEXPLORER.TABLEVIEW.dialogOptions).append(content);
+ DATAEXPLORER.TABLEVIEW.$dialog.dialog(DATAEXPLORER.TABLEVIEW.dialogOptions);
+ DATAEXPLORER.TABLEVIEW.$dialog.append(content);
}
};
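Review bot: `content.append(my.escapeHTML(row))` still hands a string to jQuery's `.append()`, which parses it as HTML, so the safety of the preview rests entirely on `escapeHTML` being complete. The rows are plain text from an external resource, so appending a text node avoids the HTML parser altogether and shows the data verbatim: `content.append(document.createTextNode(row));`. The `data.data[i].join(',')` call also assumes every row is an array, and whether the proxy guarantees that is not visible here. The function's opening lines are outside the hunk.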
@@ -922,6 +924,21 @@
}
}
+ // Public: Escapes HTML entities to prevent broken layout and XSS attacks
+ // when inserting user generated or external content.
+ //
+ // string - A String of HTML.
+ //
+ // Returns a String with HTML special characters converted to entities.
+ my.escapeHTML = function (string) {
+ return string.replace(/&(?!\w+;|#\d+;|#x[\da-f]+;)/gi, '&')
+ .replace(/</g, '<').replace(/>/g, '>')
+ .replace(/"/g, '"')
+ .replace(/'/g, ''')
+ .replace(/\//g,'/');
+ };
+
+
// Export the CKANEXT object onto the window.
$.extend(true, window, {CKANEXT: {}});
CKANEXT.DATAPREVIEW = my;
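Review bot: The first `replace` in `my.escapeHTML` skips any `&` that already starts something entity-shaped (`/&(?!\w+;|#\d+;|#x[\da-f]+;)/gi`), so external text containing the literal characters `&lt;` passes through unchanged and is displayed as `<` instead of as written. That is not script execution in itself, but the output no longer matches the input, and the helper becomes fragile if its result is ever decoded again. For untrusted text every ampersand should be escaped, starting the chain with `return string.replace(/&/g, '&amp;')`. The header comment's "A String of HTML" would then read better as "A String of untrusted text". The replacement literals as displayed on this page look entity-decoded by the mail archive, so check them against the actual file rather than this rendering.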
Repository URL: https://bitbucket.org/okfn/ckan/