kyy/swagger-ui
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fixed sanitize handlebars helper to accept not only strings

Browse Source
This commit is contained in:
Anna Bodnia
2016-08-18 17:42:10 +03:00
parent 11f1263a62
commit eaf59c1e8c
3 changed files with 52 additions and 23 deletions
Download Patch File Download Diff File Expand all files Collapse all files

22
src/main/javascript/helpers/handlebars.js
View File

@@ -1,12 +1,26 @@
'use strict';
/*jslint eqeq: true*/
var sanitize = function(html) {
html = html || '';
// Strip the script tags from the html, and return it as a Handlebars.SafeString
var _sanitize = function(html) {
// Strip the script tags from the html and inline evenhandlers
html = html.replace(/<script\b[^<]*(?:(?!<\/script>)<[^<]*)*<\/script>/gi, '');
html = html.replace(/(on\w+="[^"]*")*(on\w+='[^']*')*(on\w+=\w*\(\w*\))*/gi, '');
return new Handlebars.SafeString(html);
return html;
};
var sanitize =function (html) {
var _html;
if( _.isUndefined(html) || _.isNull(html) || _.isNumber(html)) {
return new Handlebars.SafeString(html);
}
if (_.isObject(html)){
_html = JSON.stringify(html);
return new Handlebars.SafeString(JSON.parse(_sanitize(_html)));
}
return new Handlebars.SafeString(_sanitize(html));
};
Handlebars.registerHelper('sanitize', sanitize);