HTML escape subtitle input to prevent any monkey business.

pculture · Jan 20, 2014 · 9a5c663cbfce020984f34027170ec17197b765e3 · 9a5c663
1 parent 88255f8
commit 9a5c663cbfce020984f34027170ec17197b765e3
Unified Split

Showing with 5 additions and 4 deletions.

+3 −2 media/js/widget/subtitle/subtitlewidget.js

+2 −2 media/src/js/subtitle-editor/subtitles/directives.js
diff --git a/media/js/widget/subtitle/subtitlewidget.js b/media/js/widget/subtitle/subtitlewidget.js
@@ -241,7 +241,7 @@ unisubs.subtitle.SubtitleWidget.prototype.switchToEditMode = function() {
    this.textareaElem_ = this.getDomHelper().createDom(
        'textarea', 'unisubs-subedit');
    goog.dom.append(this.titleElem_, this.textareaElem_);
-    this.textareaElem_.value = this.originalNode_.getText();
+    this.textareaElem_.value = goog.string.unescapeEntities(this.originalNode_.getText());
    this.textareaElem_.focus();
    this.keyHandler_ = new goog.events.KeyHandler(this.textareaElem_);
    this.getHandler().listen(this.keyHandler_,
@@ -259,10 +259,11 @@ unisubs.subtitle.SubtitleWidget.prototype.handleKey_ = function(event) {
 unisubs.subtitle.SubtitleWidget.prototype.switchToView_ = function() {
    if (!this.showingTextarea_)
        return;
+
    unisubs.subtitle.SubtitleWidget.editing_ = null;
    this.getHandler().unlisten(this.keyHandler_);
    this.disposeEventHandlers_();
-    this.originalNode_.setText(this.textareaElem_.value);
+    this.originalNode_.setText(goog.string.htmlEscape(this.textareaElem_.value));
    goog.dom.removeNode(this.textareaElem_);
    this.titleElem_.appendChild(this.titleElemInner_);
    this.showingTextarea_ = false;
diff --git a/media/src/js/subtitle-editor/subtitles/directives.js b/media/src/js/subtitle-editor/subtitles/directives.js
@@ -352,7 +352,7 @@ var USER_IDLE_MINUTES = 15;
                var li = subtitleMap[draft.storedSubtitle.id];
                li.addClass('edit');
                var textarea = $('<textarea class="subtitle-edit" />');
-                textarea.val(draft.markdown);
+                textarea.val(_.unescape(draft.markdown));
                li.append(textarea);
                textarea.autosize();
                textarea.focus();
@@ -364,7 +364,7 @@ var USER_IDLE_MINUTES = 15;
                DomUtil.setSelectionRange(textarea[0], caretPos, caretPos);
                textarea.on('keyup', function(evt) {
                    $scope.$apply(function() {
-                        draft.markdown = textarea.val();
+                        draft.markdown = _.escape(textarea.val());
                    });
                });
                if(attrs.editKeydown) {