Skip to content

Commit

Permalink
Fixed style missing problem in examples (#50).
Browse files Browse the repository at this point in the history
  • Loading branch information
@nickyc975
nickyc975 committed Feb 17, 2020
1 parent 52bc45d commit c222ba4
Show file tree
Hide file tree
Showing 3 changed files with 27 additions and 29 deletions.
20 changes: 19 additions & 1 deletion src/lib/scripts/common.js
View file
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
export { getDomain, isPDF, sendMessageToCurrentTab };
export { getDomain, isPDF, sendMessageToCurrentTab, escapeHTML };

/**
* 提取给定的url的域名
Expand Down Expand Up @@ -50,3 +50,21 @@ function sendMessageToCurrentTab(message) {
}
});
}

/**
* escape HTML tag to avoid XSS security problems
* @param {string} str string text to be escaped
*/
function escapeHTML(str) {
const REGEX_HTML_ESCAPE = /"|&|'|<|>/g;

if (typeof str !== "string") return str;
return str.replace(REGEX_HTML_ESCAPE, expression => {
var char = expression.charCodeAt(0);
var result = ["&#"];
char = char == 0x20 ? 0xa0 : char;
result.push(char);
result.push(";");
return result.join("");
});
}
24 changes: 2 additions & 22 deletions src/lib/scripts/render.js
View file
Original file line number Diff line number Diff line change
Expand Up @@ -31,9 +31,9 @@ function render(template, contents) {
// 如果是逻辑表达式,将其作为一行代码插入到渲染函数中。
if (EXPRESSION_REGEX.test(expression)) {
code.push(expression);
// 如果是一个变量,获取它的值用于填充它所在的位置,并且默认对内容进行HTML标签转义
// 如果是一个变量,获取它的值用于填充它所在的位置
} else {
code.push("result.push(this.escapeHTML(" + expression + "));");
code.push("result.push(" + expression + ");");
}

lastIndex = match.index + match[0].length;
Expand All @@ -45,25 +45,5 @@ function render(template, contents) {
}

code.push("return result.join('');");
// add escapeHTML function to the execution context
contents.escapeHTML = escapeHTML;
return new Function(code.join("").replace(/\n|\r/g, "")).apply(contents);
}

/**
* escape HTML tag to avoid XSS security problems
* @param {string} str string text to be escaped
*/
function escapeHTML(str) {
const REGEX_HTML_ESCAPE = /"|&|'|<|>/g;

if (typeof str !== "string") return str;
return str.replace(REGEX_HTML_ESCAPE, expression => {
var char = expression.charCodeAt(0);
var result = ["&#"];
char = char == 0x20 ? 0xa0 : char;
result.push(char);
result.push(";");
return result.join("");
});
}
12 changes: 6 additions & 6 deletions src/lib/scripts/translate.js
View file
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
import { sendMessageToCurrentTab } from "./common.js";
import { sendMessageToCurrentTab, escapeHTML } from "./common.js";

export {
translate,
Expand Down Expand Up @@ -321,16 +321,16 @@ function parseTranslate(response, extras) {
originalTexts.push(items[j][1]);
}

result.mainMeaning = mainMeanings.join("");
result.originalText = originalTexts.join("");
result.mainMeaning = escapeHTML(mainMeanings.join(""));
result.originalText = escapeHTML(originalTexts.join(""));
try {
if (lastIndex > 0) {
if (items[lastIndex][2] && items[lastIndex][2].length > 0) {
result.TPhoneticSymbol = items[lastIndex][2];
result.TPhoneticSymbol = escapeHTML(items[lastIndex][2]);
}

if (items[lastIndex][3] && items[lastIndex][3].length > 0) {
result.SPhoneticSymbol = items[lastIndex][3];
result.SPhoneticSymbol = escapeHTML(items[lastIndex][3]);
}
}
} catch (error) {
Expand All @@ -356,7 +356,7 @@ function parseTranslate(response, extras) {
if (items.length <= 1) {
let meaningArray = new Array();
items[0][2].forEach(item => meaningArray.push(item[0]));
result.commonMeanings = meaningArray.join(", ");
result.commonMeanings = escapeHTML(meaningArray.join(", "));
// console.log("commonMeanings: " + result.commonMeanings);
}
break;
Expand Down

0 comments on commit c222ba4

Please sign in to comment.