fix(addressbook(js)): sanitize fullname when using HTML
cgx committed Oct 5, 2021
1 parent 7885932 commit ffed88c
Showing 1 changed file with 9 additions and 8 deletions.
17 changes: 9 additions & 8 deletions UI/WebServerResources/js/Contacts/Card.service.js
Expand Up @@ -38,10 +38,11 @@
* @desc The factory we'll use to register with Angular.
* @returns the Card constructor
*/
Card.$factory = ['$q', '$timeout', 'sgSettings', 'sgCard_STATUS', 'encodeUriFilter', 'Resource', 'Preferences', function($q, $timeout, Settings, Card_STATUS, encodeUriFilter, Resource, Preferences) {
Card.$factory = ['$q', '$timeout', 'sgSettings', 'sgCard_STATUS', 'encodeUriFilter', 'linkyFilter', 'Resource', 'Preferences', function($q, $timeout, Settings, Card_STATUS, encodeUriFilter, linkyFilter, Resource, Preferences) {
angular.extend(Card, {
STATUS: Card_STATUS,
encodeUri: encodeUriFilter,
linky: linkyFilter,
$$resource: new Resource(Settings.activeUser('folderURL') + 'Contacts', Settings.activeUser()),
$q: $q,
$timeout: $timeout,
Expand Down Expand Up @@ -334,28 +335,28 @@
};

Card.prototype.$fullname = function(options) {
var fn = this.c_cn || '', html = options && options.html, email, names;
var fn = Card.linky(this.c_cn) || '', html = options && options.html, email, names;
if (fn.length === 0) {
names = [];
if (this.c_givenname && this.c_givenname.length > 0)
names.push(this.c_givenname);
names.push(Card.linky(this.c_givenname));
if (this.nickname && this.nickname.length > 0)
names.push((html?'<em>':'') + this.nickname + (html?'</em>':''));
names.push((html?'<em>':'') + Card.linky(this.nickname) + (html?'</em>':''));
if (this.c_sn && this.c_sn.length > 0)
names.push(this.c_sn);
names.push(Card.linky(this.c_sn));
if (names.length > 0)
fn = names.join(' ');
else if (this.org && this.org.length > 0) {
fn = this.org;
fn = Card.linky(this.org);
}
else if (this.emails && this.emails.length > 0) {
email = _.find(this.emails, function(i) { return i.value !== ''; });
if (email)
fn = email.value;
fn = Card.linky(email.value);
}
}
if (this.contactinfo)
fn += ' (' + this.contactinfo.split("\n").join("; ") + ')';
fn += ' (' + Card.linky(this.contactinfo.split("\n").join("; ")) + ')';

return fn;
};
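Review bot: In `$fullname` every field now passes through `Card.linky` whether or not `options.html` is set, although the commit title limits the sanitizing to the HTML case. `linky` is not a plain escaper: besides HTML-encoding the text it turns URLs and e-mail addresses into `<a>` markup, so the `fn = Card.linky(email.value)` fallback will normally return an anchor tag rather than the address. The callers are outside this page, so it is unconfirmed which of them treat the result as plain text; any that do would now display entities and tags literally. Either encode only when `html` is requested, after confirming that every HTML sink passes that option, or state the new contract above the function, e.g. `// Returns HTML-encoded markup (may contain <a> links); bind as HTML only, never as plain text.`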