

refine ZK-3567
DevChu committed Jan 20, 2017
1 parent 991bdcd commit 341d49d
Showing 8 changed files with 33 additions and 37 deletions.
10 changes: 10 additions & 0 deletions zk/src/archive/web/js/zk/utl.js
Expand Up @@ -687,6 +687,16 @@ zUtl.parseMap("a='b c',c=de", ',', "'\"");
for (var n in _imgMap)
return true;
return false;
},
/**
* escape html text
* For example,
* &lt; img / &gt; -> <img />
* @param String original html text
* @since 8.0.4.1
*/
escapeHTMLText: function (text) {
return jq('<div/>').text(text).html();
}
};
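Review bot: `escapeHTMLText` at L27 relies on the browser's serialization of a text node, which escapes `&`, `<` and `>` but leaves `"` and `'` untouched, so it is only safe for element content; this commit nevertheless uses it inside attribute values in Upload.js (`title="..."`) and SelectWidget.js (`name="..."` and `value="..."`), where an embedded double quote terminates the attribute and the remainder is parsed as further attributes. Either escape quotes in the helper, `return jq('<div/>').text(text).html().replace(/"/g, '&quot;');`, or state the text-only contract in the doc and give the attribute-context callers a separate variant. The JSDoc is also inverted and incomplete: the example shows the decoded form as the output, and `@param String original html text` names no parameter; suggested header: `Escapes text for insertion as HTML element content, e.g. <img /> -> &lt;img /&gt;`, with `@param {String} text the text to escape` and `@return {String} the escaped text`.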

2 changes: 1 addition & 1 deletion zk/src/archive/web/js/zk/widget.js
Expand Up @@ -362,7 +362,7 @@ it will be useful, but WITHOUT ANY WARRANTY.
if (msg != null) {
jq(document.body).append(
'<div id="zk_ddghost" class="z-drop-ghost z-drop-disallow" style="position:absolute;top:'
+ ofs[1] + 'px;left:' + ofs[0] + 'px;"><div class="z-drop-content"><span id="zk_ddghost-img" class="z-drop-icon"></span>&nbsp;' + jq('<div/>').text(msg).html() + '</div></div>');
+ ofs[1] + 'px;left:' + ofs[0] + 'px;"><div class="z-drop-content"><span id="zk_ddghost-img" class="z-drop-icon"></span>&nbsp;' + zUtl.escapeHTMLText(msg) + '</div></div>');
drag._dragImg = jq('#zk_ddghost-img')[0];
return jq('#zk_ddghost')[0];
}
2 changes: 1 addition & 1 deletion zk/src/archive/web/js/zk/zk.js
Expand Up @@ -1892,7 +1892,7 @@ zk._Erbx = zk.$extends(zk.Object, { //used in HTML tags
jq('#' + id + ' .errornumbers')
.html(++_errcnt + ' Errors');
jq('#' + id + ' .messages')
.append('<div class="newmessage">' + jq('<div/>').text(msg).html() + '</hr></div>');
.append('<div class="newmessage">' + zUtl.escapeHTMLText(msg) + '</hr></div>');
jq('#' + id + ' .newmessage')
.removeClass('newmessage').addClass('message').slideDown(600);
},
42 changes: 14 additions & 28 deletions zktest/src/archive/test2/B80-ZK-3567.zul
Expand Up @@ -13,32 +13,18 @@ Copyright (C) 2017 Potix Corporation. All Rights Reserved.
-->
<zk>
<window title="You should not see any zk log!" border="normal">
<listbox >
<listhead>
<listheader label="Xss - drag the row to see it burn!"/>
</listhead>
<listitem height="28px" label="&lt;img src=x onerror=zk.log('xss')&gt;" draggable="true"/>
<listitem height="28px" label="&lt;111&gt;" draggable="true"/>
</listbox>
<listbox emptyMessage="&lt;img src=x onerror=zk.log('xss')&gt;">
<listhead sizable="true">
<listheader label="Type" width="520px" />
<listheader label="Content" hflex="min" />
<listheader label="Content" hflex="1" />
</listhead>
</listbox>
<listbox name='"&gt;&lt;img src=x onerror=zk.log("xss")&gt;'>
<listitem selected="true"></listitem>
</listbox>
<grid emptyMessage="&lt;img src=x onerror=zk.log('xss')&gt;">
<columns sizable="true">
<column label="Type" width="520px" />
<column label="Content" hflex="min" />
<column label="Content" hflex="1" />
</columns>
</grid>
<button autodisable="self" upload="true,multiple=false,native" tooltiptext='"&gt; &lt;img src=x onerror=zk.log("xss")/&gt;'
onUpload="Clients.showNotification(event.getMedia().getName())" label="button with tooltiptext"/>
</window>

<listbox>
<listhead>
<listheader label="drag the row and you should not see zk log"/>
</listhead>
<listitem height="28px" label="&lt;img src=x onerror=zk.log('xss')&gt;" draggable="true"/>
</listbox>
<label>Select the listitem, and you should not see any zk log!</label>
<listbox name='"&gt;&lt;img src=x onerror=zk.log("xss")&gt;'>
<listitem label="Select Me" value="\&quot;/&gt;&lt;script&gt;zk.log('xss')&lt;/script&gt;"/>
</listbox>
<label>Mouse hover and see the tooltip. You should not see any zk log!</label>
<button autodisable="self" upload="true,multiple=false,native" tooltiptext='"&gt; &lt;img src=x onerror=zk.log("xss")/&gt;'
onUpload="" label="button with tooltiptext"/>
</zk>
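Review bot: The new side keeps `<window title=...>` at L59 open but no `</window>` appears before `</zk>` at L101; the section header counts 14 additions while only 13 added lines are visible, so the closing tag may have been lost in rendering rather than in the file — worth confirming the page still parses. The `onUpload=""` at L100 replaces the previous notification handler with an empty string; if the handler is no longer needed, dropping the attribute is cleaner than an empty one.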
2 changes: 1 addition & 1 deletion zul/src/archive/web/js/zul/Upload.js
Expand Up @@ -144,7 +144,7 @@ zul.Upload = zk.$extends(zk.Object, {
parent = this._parent,
ref = wgt.$n(), dt = wgt.desktop,
html = '<span class="z-upload"'
+ (this._tooltiptext ? ' title="' + jq('<div/>').text(this._tooltiptext).html() + '"' : '') // ZK-751
+ (this._tooltiptext ? ' title="' + zUtl.escapeHTMLText(this._tooltiptext) + '"' : '') // ZK-751
+ '><form enctype="multipart/form-data" method="POST">'
+ '<input name="file" type="file"'
// multiple="" for Firefox, multiple for Chrome
4 changes: 2 additions & 2 deletions zul/src/archive/web/js/zul/grid/Grid.js
Expand Up @@ -60,7 +60,7 @@ zul.grid.Grid = zk.$extends(zul.mesh.MeshWidget, {
*/
emptyMessage: function (msg) {
if (this.desktop)
jq(this.$n('empty')).html(jq('<div/>').text(msg).html());
jq(this.$n('empty')).html(msg);
}
},
/** Returns the specified cell, or null if not available.
Expand Down Expand Up @@ -171,7 +171,7 @@ zul.grid.Grid = zk.$extends(zul.mesh.MeshWidget, {
redrawEmpty_: function (out) {
out.push('<tbody class="', this.$s('emptybody'), '"><tr><td id="'
, this.uuid, '-empty" style="display:none">',
jq('<div/>').text(this._emptyMessage).html(),'</td></tr></tbody>');
this._emptyMessage,'</td></tr></tbody>');
},
bind_: function (desktop, skipper, after) {
this.$supers(Grid, 'bind_', arguments);
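Review bot: The new `jq(this.$n('empty')).html(msg)` at L119 and the bare `this._emptyMessage` pushed at L128 drop the escaping the replaced lines performed, so the empty message is now written into the DOM as markup; Listbox.js carries the identical change in its `emptyMessage` setter and `redrawEmpty_`. That is only safe if the message is escaped before it reaches the client, which this commit does not show, and the test page in the same commit removes its emptyMessage cases instead of keeping one that demonstrates the intended behaviour. I would either keep `jq(this.$n('empty')).html(zUtl.escapeHTMLText(msg))` and `zUtl.escapeHTMLText(this._emptyMessage)` here, or record the contract on the setter: `// msg is trusted HTML: escaping is the server's responsibility (ZK-3567)`. Both `emptyMessage` and `redrawEmpty_` start and end inside their hunks; the enclosing class does not.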
4 changes: 2 additions & 2 deletions zul/src/archive/web/js/zul/sel/Listbox.js
Expand Up @@ -82,7 +82,7 @@ zul.sel.Listbox = zk.$extends(zul.sel.SelectWidget, {
*/
emptyMessage: function (msg) {
if (this.desktop)
jq(this.$n('empty')).html(jq('<div/>').text(msg).html());
jq(this.$n('empty')).html(msg);
}
},
$init: function () {
Expand Down Expand Up @@ -394,7 +394,7 @@ zul.sel.Listbox = zk.$extends(zul.sel.SelectWidget, {
redrawEmpty_: function (out) {
out.push('<tbody class="', this.$s('emptybody'), '"><tr><td id="',
this.uuid, '-empty" style="display:none">',
jq('<div/>').text(this._emptyMessage).html() ,'</td></tr></tbody>');
this._emptyMessage,'</td></tr></tbody>');
},
replaceChildHTML_: function (child, n, desktop, skipper, _trim_) {
if (child._renderdefer) {
4 changes: 2 additions & 2 deletions zul/src/archive/web/js/zul/sel/SelectWidget.js
Expand Up @@ -274,9 +274,9 @@ zul.sel.SelectWidget = zk.$extends(zul.mesh.MeshWidget, {

// don't use jq.newHidden() in this case, because the performance is not good.
var data = '',
tmp = '<input type="hidden" name="' + jq('<div/>').text(this._name).html() + '" value="';
tmp = '<input type="hidden" name="' + zUtl.escapeHTMLText(this._name) + '" value="';
for (var i = 0, j = this._selItems.length; i < j; i++)
data += tmp + this._selItems[i].getValue() + '"/>';
data += tmp + zUtl.escapeHTMLText(this._selItems[i].getValue()) + '"/>';

jq(this.efield).append(data);
} else if (this.efield) {
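Review bot: The loop at L160–L162 now calls `zUtl.escapeHTMLText` once per selected item, and that helper builds a detached jQuery element on every call, while the comment at L156 justifies the hand-built markup precisely on performance grounds; a string-based escape for the per-item `getValue()` would keep the fast path fast, or the helper could be hoisted if it is changed to reuse a scratch element. The enclosing function starts and ends outside the hunk.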

