TryGhost/Ghost
1
0
Fork 0
mirror of https://github.com/TryGhost/Ghost.git synced 2025-01-07 19:46:37 +03:00
Code Issues Projects Releases Wiki Activity

Properly display escaped tags in editor.

Browse Source 
fixes #2149, fixes #2453
- Escape tag before displaying in editor tag widget
This commit is contained in:
Fabian Becker 2014-02-08 12:56:55 +01:00
parent 4c3bb83df0
commit badd4a0655
1 changed files with 9 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
ghost/admin/views/editor-tag-widget.js
View File

@ -45,7 +45,7 @@
if (tags) { if (tags) {
_.forEach(tags, function (tag) { _.forEach(tags, function (tag) {
var $tag = $('<span class="tag" data-tag-id="' + tag.id + '">' + tag.name + '</span>'); var $tag = $('<span class="tag" data-tag-id="' + tag.id + '">' + _.escape(tag.name) + '</span>');
$tags.append($tag); $tags.append($tag);
$("[data-tag-id=" + tag.id + "]")[0].scrollIntoView(true); $("[data-tag-id=" + tag.id + "]")[0].scrollIntoView(true);
}); });
@ -120,10 +120,13 @@
_.each(matchingTags, function (matchingTag) { _.each(matchingTags, function (matchingTag) {
var highlightedName, var highlightedName,
suggestionHTML; suggestionHTML;
highlightedName = matchingTag.name.replace(regexPattern, function (match, p1) {
highlightedName = matchingTag.name.replace(regexPattern, "<mark>$1</mark>"); return "<mark>" + _.escape(p1) + "</mark>";
});
/*jslint regexp: true */ // - would like to remove this /*jslint regexp: true */ // - would like to remove this
highlightedName = highlightedName.replace(/(<mark>[^<>]*)((<[^>]+>)+)([^<>]*<\/mark>)/, "$1</mark>$2<mark>$4"); highlightedName = highlightedName.replace(/(<mark>[^<>]*)((<[^>]+>)+)([^<>]*<\/mark>)/, function (match, p1, p2, p3, p4) {
return _.escape(p1) + '</mark>' + _.escape(p2) + '<mark>' + _.escape(p4);
});
suggestionHTML = "<li data-tag-id='" + matchingTag.id + "' data-tag-name='" + _.escape(matchingTag.name) + "'><a href='#'>" + highlightedName + "</a></li>"; suggestionHTML = "<li data-tag-id='" + matchingTag.id + "' data-tag-name='" + _.escape(matchingTag.name) + "'><a href='#'>" + highlightedName + "</a></li>";
this.$suggestions.append(suggestionHTML); this.$suggestions.append(suggestionHTML);
@ -277,7 +280,7 @@
}, },
addTag: function (tag) { addTag: function (tag) {
var $tag = $('<span class="tag" data-tag-id="' + tag.id + '">' + tag.name + '</span>'); var $tag = $('<span class="tag" data-tag-id="' + tag.id + '">' + _.escape(tag.name) + '</span>');
this.$('.tags').append($tag); this.$('.tags').append($tag);
$(".tag").last()[0].scrollIntoView(true); $(".tag").last()[0].scrollIntoView(true);
window.scrollTo(0, 1); window.scrollTo(0, 1);