Fix escaping
Some data was HTML-escaped in the API results. Now data in API results is
(hopefully) all raw and clients have to escape as needed. One client is,
obviously, taginfo itself and a few places have been changed to do the
right escaping now.

Fixes #19.
joto committed Jan 30, 2013
1 parent ce090c5 commit 59ca7dc
Showing 6 changed files with 16 additions and 16 deletions.
10 changes: 5 additions & 5 deletions web/lib/api/v4/relation.rb
@@ -132,11 +132,11 @@ class Taginfo < Sinatra::Base
res = @db.execute('SELECT * FROM wiki.relation_pages LEFT OUTER JOIN wiki.wiki_images USING (image) WHERE rtype = ? ORDER BY lang', rtype)

return res.map{ |row| {
:lang => h(row['lang']),
:language => h(::Language[row['lang']].native_name),
:language_en => h(::Language[row['lang']].english_name),
:title => h(row['title']),
:description => h(row['description']),
:lang => row['lang'],
:language => ::Language[row['lang']].native_name,
:language_en => ::Language[row['lang']].english_name,
:title => row['title'],
:description => row['description'],
:image => {
:title => row['image'],
:width => row['width'].to_i,
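Review bot: The row-to-hash mapping in this hunk is, as far as the visible lines go, the same one that `get_wiki_result(res)` in web/lib/utils.rb builds, so this commit had to remove the `h()` calls in two places. Keeping a single copy of the serialization stops the two from drifting apart the next time the escaping contract changes; if the rest of the hash (cut off below the hunk) matches, the body could become `return get_wiki_result(res)`. Independent of that, a short comment above the map such as `# values are raw; clients must escape before inserting into HTML` would record the new contract where the next maintainer will look.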
12 changes: 6 additions & 6 deletions web/lib/utils.rb
@@ -140,11 +140,11 @@ def api(version, path, doc=nil, &block)
# Used in wiki api calls
def get_wiki_result(res)
return res.map{ |row| {
:lang => h(row['lang']),
:language => h(::Language[row['lang']].native_name),
:language_en => h(::Language[row['lang']].english_name),
:title => h(row['title']),
:description => h(row['description']),
:lang => row['lang'],
:language => ::Language[row['lang']].native_name,
:language_en => ::Language[row['lang']].english_name,
:title => row['title'],
:description => row['description'],
:image => {
:title => row['image'],
:width => row['width'].to_i,
@@ -175,7 +175,7 @@ def get_josm_style_rules_result(total, res)
:key => row['k'],
:value => row['v'],
:value_bool => row['b'],
:rule => h(row['rule']),
:rule => row['rule'],
:area_color => row['area_color'] ? h(row['area_color'].sub(/^.*#/, '#')) : '',
:line_color => row['line_color'] ? h(row['line_color'].sub(/^.*#/, '#')) : '',
:line_width => row['line_width'] ? row['line_width'].to_i : 0,
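Review bot: `:rule => row['rule']` in the second hunk is now returned raw, but none of the six files in this commit adds a matching `html_escape` for the rule column on the client, so the view that renders JOSM style rules should be checked; it is not visible here. In the same hash `area_color` and `line_color` still go through `h()`, which contradicts the "all raw" contract in the commit message and would be double-escaped by a client that follows it; either drop `h()` there too or note the exception in a comment. The `sub(/^.*#/, '#')` on those lines anchors with `^`, which matches at every line start; `\A` is the whole-string anchor if that is what was meant. `get_josm_style_rules_result` continues outside the hunk.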
2 changes: 1 addition & 1 deletion web/public/js/taginfo.js
@@ -197,7 +197,7 @@ function link_to_wiki(title, options) {

return link(
url_for_wiki(title, options),
title,
html_escape(title),
{ target: '_blank', 'class': 'extlink' }
);
}
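Review bot: Only the link text is escaped here; the same raw `title` also goes into `url_for_wiki(title, options)`, and neither that function nor `link()` is visible in the hunk. Now that the API returns wiki titles unescaped, the href has to be safe on its own: `url_for_wiki` needs to percent-encode the title and `link()` needs to escape the attribute value it writes. If both already do, a one-line comment such as `// title is raw API data: text is HTML-escaped here, the URL is encoded in url_for_wiki()` would make that explicit.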
4 changes: 2 additions & 2 deletions web/viewsjs/key.js.erb
@@ -49,7 +49,7 @@ var create_flexigrid_for = {
hover_expand(link_to_value(key, row.value)),
fmt_value_with_percent(row.count, row.fraction),
fmt_checkmark(row.in_wiki),
row.description
html_escape(row.description)
] };
});
delete data.data;
@@ -105,7 +105,7 @@ var create_flexigrid_for = {
return { 'cell': [
fmt_language(row.lang, row.language, row.language_en),
link_to_wiki(row.title),
row.description,
html_escape(row.description),
fmt_wiki_image_popup(row.image),
fmt_type_icon('node', row.on_node) +
fmt_type_icon('way', row.on_way) +
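Review bot: `row.description` is escaped, but `row.lang`, `row.language` and `row.language_en` lost their server-side `h()` in this same commit and are still handed to `fmt_language(...)` unchanged in the second hunk. Whether `fmt_language` escapes its arguments is not visible here; if it builds markup by string concatenation it needs `html_escape` on each of the three values. The same call appears in the relation.js.erb and tag.js.erb sections of this commit, so the check applies there as well. `fmt_wiki_image_popup(row.image)` receives the raw image title too and deserves the same look.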
2 changes: 1 addition & 1 deletion web/viewsjs/relation.js.erb
@@ -75,7 +75,7 @@ var create_flexigrid_for = {
return { 'cell': [
fmt_language(row.lang, row.language, row.language_en),
link_to_wiki(row.title),
row.description,
html_escape(row.description),
fmt_wiki_image_popup(row.image)
]};
})
2 changes: 1 addition & 1 deletion web/viewsjs/tag.js.erb
@@ -85,7 +85,7 @@ var create_flexigrid_for = {
return { 'cell': [
fmt_language(row.lang, row.language, row.language_en),
link_to_wiki(row.title),
row.description,
html_escape(row.description),
fmt_wiki_image_popup(row.image),
fmt_type_icon('node', row.on_node) +
fmt_type_icon('way', row.on_way) +
