Skip to content

Commit

Permalink
Added stricter URL filtering to prevent DOM Based XSS when the tree v…
Browse files Browse the repository at this point in the history 
…iew is enabled
  • Loading branch information
Dimitri van Heesch committed Apr 19, 2014
1 parent 385b87e commit 8ba739a
Showing 1 changed file with 28 additions and 18 deletions.
46 changes: 28 additions & 18 deletions src/navtree.js
View file
@@ -1,5 +1,3 @@
var SYNCONMSG = 'click to disable panel synchronisation';
var SYNCOFFMSG = 'click to enable panel synchronisation';
var navTreeSubIndices = new Array();

function getData(varName)
Expand All @@ -22,6 +20,21 @@ function stripPath2(uri)
return m ? uri.substring(i-6) : s;
}

function hashValue()
{
return $(location).attr('hash').substring(1).replace(/[^\w\-]/g,'');
}

function hashUrl()
{
return '#'+hashValue();
}

function pathName()
{
return $(location).attr('pathname').replace(/[^-A-Za-z0-9+&@#/%?=~_|!:,.;\(\)]/g, '');
}

function localStorageSupported()
{
try {
Expand All @@ -44,7 +57,7 @@ function deleteLink()
{
if (localStorageSupported()) {
window.localStorage.setItem('navpath','');
}
}
}

function cachedLink()
Expand Down Expand Up @@ -180,7 +193,7 @@ function newNode(o, po, text, link, childrenData, lastNode)
a.className = stripPath(link.replace('#',':'));
if (link.indexOf('#')!=-1) {
var aname = '#'+link.split('#')[1];
var srcPage = stripPath($(location).attr('pathname'));
var srcPage = stripPath(pathName());
var targetPage = stripPath(link.split('#')[0]);
a.href = srcPage!=targetPage ? url : "javascript:void(0)";
a.onclick = function(){
Expand Down Expand Up @@ -274,11 +287,10 @@ function glowEffect(n,duration)

function highlightAnchor()
{
var aname = $(location).attr('hash');
var aname = hashUrl();
var anchor = $(aname);
if (anchor.parent().attr('class')=='memItemLeft'){
var rows = $('.memberdecls tr[class$="'+
window.location.hash.substring(1).replace(/</g,'\\3c ')+'"]');
var rows = $('.memberdecls tr[class$="'+hashValue()+'"]');
glowEffect(rows.children(),300); // member without details
} else if (anchor.parent().attr('class')=='fieldname'){
glowEffect(anchor.parent().parent(),1000); // enum value
Expand All @@ -296,8 +308,8 @@ function selectAndHighlight(hash,n)
{
var a;
if (hash) {
var link=stripPath($(location).attr('pathname'))+':'+hash.substring(1);
a=$('.item a[class$="'+link.replace(/</g,'\\3c ')+'"]');
var link=stripPath(pathName())+':'+hash.substring(1);
a=$('.item a[class$="'+link+'"]');
}
if (a && a.length) {
a.parent().parent().addClass('selected');
Expand Down Expand Up @@ -407,14 +419,13 @@ function navTo(o,root,hash,relpath)
if (link) {
var parts = link.split('#');
root = parts[0];
if (parts.length>1) hash = '#'+parts[1];
if (parts.length>1) hash = '#'+parts[1].replace(/[^\w\-]/g,'');
else hash='';
}
if (hash.match(/^#l\d+$/)) {
var anchor=$('a[name='+hash.substring(1)+']');
glowEffect(anchor.parent(),1000); // line number
hash=''; // strip line number anchors
//root=root.replace(/_source\./,'.'); // source link to doc link
}
var url=root+hash;
var i=-1;
Expand Down Expand Up @@ -448,7 +459,7 @@ function toggleSyncButton(relpath)
if (navSync.hasClass('sync')) {
navSync.removeClass('sync');
showSyncOff(navSync,relpath);
storeLink(stripPath2($(location).attr('pathname'))+$(location).attr('hash'));
storeLink(stripPath2(pathName())+hashUrl());
} else {
navSync.addClass('sync');
showSyncOn(navSync,relpath);
Expand Down Expand Up @@ -488,29 +499,28 @@ function initNavTree(toroot,relpath)
}

$(window).load(function(){
navTo(o,toroot,window.location.hash,relpath);
navTo(o,toroot,hashUrl(),relpath);
showRoot();
});

$(window).bind('hashchange', function(){
if (window.location.hash && window.location.hash.length>1){
var a;
if ($(location).attr('hash')){
var clslink=stripPath($(location).attr('pathname'))+':'+
$(location).attr('hash').substring(1);
var clslink=stripPath(pathName())+':'+hashValue();
a=$('.item a[class$="'+clslink.replace(/</g,'\\3c ')+'"]');
}
if (a==null || !$(a).parent().parent().hasClass('selected')){
$('.item').removeClass('selected');
$('.item').removeAttr('id');
}
var link=stripPath2($(location).attr('pathname'));
navTo(o,link,$(location).attr('hash'),relpath);
var link=stripPath2(pathName());
navTo(o,link,hashUrl(),relpath);
} else if (!animationInProgress) {
$('#doc-content').scrollTop(0);
$('.item').removeClass('selected');
$('.item').removeAttr('id');
navTo(o,toroot,window.location.hash,relpath);
navTo(o,toroot,hashUrl(),relpath);
}
})
}
Expand Down

0 comments on commit 8ba739a

Please sign in to comment.