Escape URL and cookie input.
git-svn-id: https://svn.apache.org/repos/asf/couchdb/trunk@1030261 13f79535-47bb-0310-9956-ffa450edef68
janl committed Nov 2, 2010
1 parent bcf0a9d commit de1eae133bf5b49ca01a51d48c2317b09c7fb591
Showing 8 changed files with 33 additions and 17 deletions.
@@ -71,17 +71,17 @@
});

// Restore preferences/state
$("#documents thead th.key").toggleClass("desc", $.futon.storage.get("desc"));
var reduce = $.futon.storage.get("reduce");
$("#documents thead th.key").toggleClass("desc", !!$.futon.storage.get("desc"));
var reduce = !!$.futon.storage.get("reduce");
$("#reduce :checkbox")[0].checked = reduce;
$("#grouplevel select").val($.futon.storage.get("group_level"));
$("#grouplevel select").val(parseInt($.futon.storage.get("group_level")));
$("#grouplevel").toggleClass("disabled", !reduce).find("select").each(function() {
this.disabled = !reduce;
});

$("#perpage").val($.futon.storage.get("per_page"));
$("#perpage").val(parseInt($.futon.storage.get("per_page")));

var staleViews = $.futon.storage.get("stale");
var staleViews = !!$.futon.storage.get("stale");
$("#staleviews :checkbox")[0].checked = staleViews;

page.populateViewsMenu();
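Review bot: parseInt is called without a radix on the group_level and per_page lines (`parseInt($.futon.storage.get("group_level"))`, `parseInt($.futon.storage.get("per_page"))`), and again on the per_page value in the database-listing hunk below; a stored value with a leading zero is read as octal by the engines of this era, so pass 10 explicitly. parseInt of an absent key also yields NaN, which is handed straight to .val() here, whereas the database-listing hunk guards it with an `if`; the same guard belongs on these lines, e.g. `var perPage = parseInt($.futon.storage.get("per_page"), 10);` followed by `if (!isNaN(perPage)) $("#perpage").val(perPage);`. The enclosing function starts before this hunk.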
@@ -42,9 +42,9 @@
});

$(function() {
$("h1 a.dbname").text(page.dbName)
$("h1 a.dbname").text(encodeURIComponent(page.dbName))
.attr("href", "database.html?" + encodeURIComponent(page.db.name));
$("h1 strong").text(page.docId);
$("h1 strong").text(encodeURIComponent(page.docId));
$("h1 a.raw").attr("href", "/" + encodeURIComponent(page.db.name) +
"/" + encodeURIComponent(page.docId));
page.updateFieldListing();
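Review bot: encodeURIComponent is applied to values passed to .text() on the dbname and docId lines; .text() assigns the string as text content rather than markup, so the encoding adds no protection and instead renders `/` and spaces as `%2F` and `%20` in the page heading. Keep `.text(page.dbName)` and `.text(page.docId)` and reserve encodeURIComponent for the href values, where it is already used on the following lines. The same pattern appears in the view-menu hunk (`.text(encodeURIComponent(viewNames[j]))`) and on the two `$("#language").val(encodeURIComponent(page.viewLanguage))` lines, where .val() likewise takes a plain string and a percent-encoded value would no longer match its option.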
@@ -34,7 +34,7 @@
this.updateSelection(location.pathname + "index.html");
});
}
var dbsPerPage = $.futon.storage.get("per_page");
var dbsPerPage = parseInt($.futon.storage.get("per_page"));
if (dbsPerPage) $("#perpage").val(dbsPerPage);
$("#perpage").change(function() {
page.updateDatabaseListing();
@@ -14,6 +14,13 @@


function loadScript(url) {
// disallow loading remote URLs
if((url.substr(0, 7) == "http://")
|| (url.substr(0, 2) == "//")
|| (url.substr(0, 5) == "data:")
|| (url.substr(0, 11) == "javsacript:")) {
throw "Not loading remote test scripts";
}
if (typeof document != "undefined") document.write('<script src="'+url+'"></script>');
};

@@ -97,7 +97,10 @@
// Page class for browse/database.html
CouchDatabasePage: function() {
var urlParts = location.search.substr(1).split("/");
var dbName = decodeURIComponent(urlParts.shift());
var dbName = decodeURIComponent(urlParts.shift())

var dbNameRegExp = new RegExp("[^a-z0-9\_\$\(\)\+\/\-]", "g");
dbName = dbName.replace(dbNameRegExp, "");

$.futon.storage.declareWithPrefix(dbName + ".", {
desc: {},
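Review bot: The new dbNameRegExp is built from a string literal in which `\_`, `\$`, `\(`, `\)`, `\+`, `\/` and `\-` are not string escapes, so they are silently reduced to the bare characters before the RegExp sees them; a regex literal, `var dbNameRegExp = /[^a-z0-9_$()+\/-]/g;`, expresses the intended class without the double-escaping ambiguity. Note also that the replace silently rewrites a name containing disallowed characters into a different, valid-looking name rather than rejecting it, which can make the page operate on a database other than the one the URL named; if rejection is acceptable for this page, a test-and-throw would be clearer. The semicolon dropped from the `var dbName = decodeURIComponent(urlParts.shift())` line should be restored. CouchDatabasePage's body continues beyond this hunk.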
@@ -119,7 +122,7 @@
if (viewName) {
this.redirecting = true;
location.href = "database.html?" + encodeURIComponent(dbName) +
"/" + viewName;
"/" + encodeURIComponent(viewName);
}
}
var db = $.couch.db(dbName);
@@ -372,7 +375,8 @@
var path = $.couch.encodeDocId(doc._id) + "/_view/" +
encodeURIComponent(viewNames[j]);
var option = $(document.createElement("option"))
.attr("value", path).text(viewNames[j]).appendTo(optGroup);
.attr("value", path).text(encodeURIComponent(viewNames[j]))
.appendTo(optGroup);
if (path == viewName) {
option[0].selected = true;
}
@@ -408,7 +412,7 @@
}
var viewCode = resp.views[localViewName];
page.viewLanguage = resp.language || "javascript";
$("#language").val(page.viewLanguage);
$("#language").val(encodeURIComponent(page.viewLanguage));
page.updateViewEditor(viewCode.map, viewCode.reduce || "");
$("#viewcode button.revert, #viewcode button.save").attr("disabled", "disabled");
page.storedViewCode = viewCode;
@@ -420,7 +424,7 @@
page.updateViewEditor(page.storedViewCode.map,
page.storedViewCode.reduce || "");
page.viewLanguage = page.storedViewLanguage;
$("#language").val(page.viewLanguage);
$("#language").val(encodeURIComponent(page.viewLanguage));
$("#viewcode button.revert, #viewcode button.save").attr("disabled", "disabled");
page.isDirty = false;
if (callback) callback();
@@ -504,7 +508,8 @@
callback({
docid: "Cannot save to " + data.docid +
" because its language is \"" + doc.language +
"\", not \"" + page.viewLanguage + "\"."
"\", not \"" +
encodeURIComponent(page.viewLanguage) + "\"."
});
return;
}
@@ -16,7 +16,10 @@
escape: function(string) {
return string.replace(/&/g, "&amp;")
.replace(/</g, "&lt;")
.replace(/>/g, "&gt;");
.replace(/>/g, "&gt;")
.replace(/"/, "&quot;")
.replace(/'/, "&#39;;")
;
},

// JSON pretty printing
@@ -215,9 +215,10 @@ function $$(node) {
recentDbs.sort();
$.each(recentDbs, function(idx, name) {
if (name) {
name = encodeURIComponent(name);
$("#dbs").append("<li>" +
"<button class='remove' title='Remove from list' value='" + name + "'></button>" +
"<a href='database.html?" + encodeURIComponent(name) + "' title='" + name + "'>" + name +
"<a href='database.html?" + name + "' title='" + name + "'>" + name +
"</a></li>");
}
});
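Review bot: `name = encodeURIComponent(name);` is being used as the HTML escaping for the `value='...'` and `title='...'` attributes and for the link text, but encodeURIComponent leaves `'`, `(`, `)`, `!`, `*` and `~` unencoded, so a recent-db entry containing a single quote still terminates these single-quoted attributes. Encode for the href only and HTML-escape for the attribute and text contexts: `var safeName = $.futon.escape(name);`, then `value='" + safeName + "'` on the button line and `"<a href='database.html?" + encodeURIComponent(name) + "' title='" + safeName + "'>" + safeName +` on the anchor line. This also stops the list from displaying percent-encoded names. The enclosing function starts before this hunk.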
@@ -36,7 +36,7 @@
}
m = qp.match(/reason=(.*)/);
if (m) {
reason = decodeURIComponent(m[1]);
reason = $.futon.escape(decodeURIComponent(m[1]));
}
});
if (reason) {
