Merge pull request #62 from awslabs/v2-alpha-encode
fix(html): escape
jedsundwall committed Aug 2, 2019
2 parents 2d00d19 + 87efa7d commit 7be671e
Showing 1 changed file with 21 additions and 7 deletions.
28 changes: 21 additions & 7 deletions explorer.js
Expand Up @@ -57,28 +57,41 @@ function bytesToSize(bytes) {
return `${Math.round(bytes / (1024 ** ii), 2)} ${sizes[ii]}`;
}

// Escape strings of HTML
function htmlEscape(str) {
return str
.replace(/&/g, '&')
.replace(/</g, '&lt;')
.replace(/>/g, '&gt;')
.replace(/"/g, '&quot;')
.replace(/'/g, '&#39;')
.replace(/\//g, '&#x2F;')
.replace(/`/g, '&#x60;')
.replace(/=/g, '&#x3D;');
}

// Convert cars/vw/golf.png to golf.png
function fullpath2filename(path) {
return path.replace(/^.*[\\/]/, '');
return htmlEscape(path.replace(/^.*[\\/]/, ''));
}

// Convert cars/vw/golf.png to cars/vw/
function fullpath2pathname(path) {
const index = path.lastIndexOf('/');
return index === -1 ? '/' : path.substring(0, index + 1);
return index === -1 ? '/' : htmlEscape(path.substring(0, index + 1));
}

// Convert cars/vw/ to vw/
function prefix2folder(prefix) {
const parts = prefix.split('/');
return `${parts[parts.length - 2]}/`;
return htmlEscape(`${parts[parts.length - 2]}/`);
}

// Convert cars/vw/sedans/ to cars/vw/
function prefix2parentfolder(prefix) {
const parts = prefix.split('/');
parts.splice(parts.length - 2, 1);
return parts.join('/');
return htmlEscape(parts.join('/'));
}

// Convert cars/vw/golf.png to cars/.../golf.png
Expand All @@ -89,7 +102,7 @@ function path2short(path) {
const soft = `${prefix2parentfolder(fullpath2pathname(path)) + pathHellip}/${fullpath2filename(path)}`;
if (soft.length < pathLimit && soft.length > 2) return soft;
const hard = `${path.substring(0, path.indexOf('/') + 1) + pathHellip}/${fullpath2filename(path)}`;
return hard.length < pathLimit ? hard : path.substring(0, pathLimit) + pathHellip;
return hard.length < pathLimit ? htmlEscape(hard) : htmlEscape(path.substring(0, pathLimit) + pathHellip);
}

// Virtual-hosted-style URL, ex: https://mybucket1.s3.amazonaws.com/index.html
Expand Down Expand Up @@ -364,10 +377,11 @@ function ViewController($scope, SharedService) {
const href = object2hrefvirt($scope.view.settings.bucket, data);

function render(d, href2, text, download) {
const d2 = htmlEscape(d);
if (download) {
return `<a data-s3="object" data-s3key="${d}" href="${href2}" download="${download}">${text}</a>`;
return `<a data-s3="object" data-s3key="${d2}" href="${href2}" download="${download}">${text}</a>`;
}
return `<a data-s3="folder" data-s3key="${d}" href="${href2}">${text}</a>`;
return `<a data-s3="folder" data-s3key="${d2}" href="${href2}">${text}</a>`;
}

if (full.CommonPrefix) {
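Review bot: Escaping inside the path helpers breaks their composition in `path2short`: `fullpath2pathname` now returns a string in which every `/` has become `&#x2F;`, and that string is fed to `prefix2parentfolder`, whose `split('/')` then finds no separator, so the `soft` candidate loses its folder prefix. `hard` is likewise built from the already-escaped `fullpath2filename(path)` and then passed through `htmlEscape` a second time, which double-encodes keys containing `<`, `'` or `&` if the first `replace` emits `&amp;` (the page shows `'&'`, probably a rendering artifact worth confirming in the file), and the `pathLimit` comparisons now measure entity-expanded lengths. Keeping the helpers on raw strings and escaping once at the HTML sink would avoid both problems. In `render` only `d` is escaped, so the same pass should cover the other attribute values, e.g. `download="${htmlEscape(download)}"`, unless their callers already guarantee encoded input. `path2short` and the caller of `render` lie partly outside the visible hunks, so whether `pathHellip` and `text` are meant to carry markup needs confirming before they are escaped.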