Permalink
Browse files

Added stricter URL filtering to prevent DOM Based XSS when the tree v…

…iew is enabled
  • Loading branch information...
Dimitri van Heesch
Dimitri van Heesch committed Apr 19, 2014
1 parent 385b87e commit 8ba739ad1ecde1036bfe2e364aee378e137f6dff
Showing with 28 additions and 18 deletions.
  1. +28 −18 src/navtree.js
View
@@ -1,5 +1,3 @@
var SYNCONMSG = 'click to disable panel synchronisation';
var SYNCOFFMSG = 'click to enable panel synchronisation';
var navTreeSubIndices = new Array();
function getData(varName)
@@ -22,6 +20,21 @@ function stripPath2(uri)
return m ? uri.substring(i-6) : s;
}
function hashValue()
{
return $(location).attr('hash').substring(1).replace(/[^\w\-]/g,'');
}
function hashUrl()
{
return '#'+hashValue();
}
function pathName()
{
return $(location).attr('pathname').replace(/[^-A-Za-z0-9+&@#/%?=~_|!:,.;\(\)]/g, '');
}
function localStorageSupported()
{
try {
@@ -44,7 +57,7 @@ function deleteLink()
{
if (localStorageSupported()) {
window.localStorage.setItem('navpath','');
}
}
}
function cachedLink()
@@ -180,7 +193,7 @@ function newNode(o, po, text, link, childrenData, lastNode)
a.className = stripPath(link.replace('#',':'));
if (link.indexOf('#')!=-1) {
var aname = '#'+link.split('#')[1];
var srcPage = stripPath($(location).attr('pathname'));
var srcPage = stripPath(pathName());
var targetPage = stripPath(link.split('#')[0]);
a.href = srcPage!=targetPage ? url : "javascript:void(0)";
a.onclick = function(){
@@ -274,11 +287,10 @@ function glowEffect(n,duration)
function highlightAnchor()
{
var aname = $(location).attr('hash');
var aname = hashUrl();
var anchor = $(aname);
if (anchor.parent().attr('class')=='memItemLeft'){
var rows = $('.memberdecls tr[class$="'+
window.location.hash.substring(1).replace(/</g,'\\3c ')+'"]');
var rows = $('.memberdecls tr[class$="'+hashValue()+'"]');
glowEffect(rows.children(),300); // member without details
} else if (anchor.parent().attr('class')=='fieldname'){
glowEffect(anchor.parent().parent(),1000); // enum value
@@ -296,8 +308,8 @@ function selectAndHighlight(hash,n)
{
var a;
if (hash) {
var link=stripPath($(location).attr('pathname'))+':'+hash.substring(1);
a=$('.item a[class$="'+link.replace(/</g,'\\3c ')+'"]');
var link=stripPath(pathName())+':'+hash.substring(1);
a=$('.item a[class$="'+link+'"]');
}
if (a && a.length) {
a.parent().parent().addClass('selected');
@@ -407,14 +419,13 @@ function navTo(o,root,hash,relpath)
if (link) {
var parts = link.split('#');
root = parts[0];
if (parts.length>1) hash = '#'+parts[1];
if (parts.length>1) hash = '#'+parts[1].replace(/[^\w\-]/g,'');
else hash='';
}
if (hash.match(/^#l\d+$/)) {
var anchor=$('a[name='+hash.substring(1)+']');
glowEffect(anchor.parent(),1000); // line number
hash=''; // strip line number anchors
//root=root.replace(/_source\./,'.'); // source link to doc link
}
var url=root+hash;
var i=-1;
@@ -448,7 +459,7 @@ function toggleSyncButton(relpath)
if (navSync.hasClass('sync')) {
navSync.removeClass('sync');
showSyncOff(navSync,relpath);
storeLink(stripPath2($(location).attr('pathname'))+$(location).attr('hash'));
storeLink(stripPath2(pathName())+hashUrl());
} else {
navSync.addClass('sync');
showSyncOn(navSync,relpath);
@@ -488,29 +499,28 @@ function initNavTree(toroot,relpath)
}
$(window).load(function(){
navTo(o,toroot,window.location.hash,relpath);
navTo(o,toroot,hashUrl(),relpath);
showRoot();
});
$(window).bind('hashchange', function(){
if (window.location.hash && window.location.hash.length>1){
var a;
if ($(location).attr('hash')){
var clslink=stripPath($(location).attr('pathname'))+':'+
$(location).attr('hash').substring(1);
var clslink=stripPath(pathName())+':'+hashValue();
a=$('.item a[class$="'+clslink.replace(/</g,'\\3c ')+'"]');
}
if (a==null || !$(a).parent().parent().hasClass('selected')){
$('.item').removeClass('selected');
$('.item').removeAttr('id');
}
var link=stripPath2($(location).attr('pathname'));
navTo(o,link,$(location).attr('hash'),relpath);
var link=stripPath2(pathName());
navTo(o,link,hashUrl(),relpath);
} else if (!animationInProgress) {
$('#doc-content').scrollTop(0);
$('.item').removeClass('selected');
$('.item').removeAttr('id');
navTo(o,toroot,window.location.hash,relpath);
navTo(o,toroot,hashUrl(),relpath);
}
})
}

0 comments on commit 8ba739a

Please sign in to comment.