Merge pull request #5086 from FreeCodeCamp/fix/replace-tags

Make tag replacement more robust
pull/5091/head
Logan Tegman 2015-12-08 12:42:12 -08:00
commit 285d7cbf50
2 changed files with 15 additions and 5 deletions


@ -21,6 +21,16 @@ function replaceScriptTags(value) {
.replace(/<\/script>/gi, 'fcces');
}
function replaceFormAction(value) {
return value.replace(/<form[^>]*>/, function(val) {
return val.replace(/action(\s*?)=/, 'fccfaa$1=');
});
}
function encodeFcc(value = '') {
return replaceScriptTags(replaceFormAction(value));
}
function calcCurrentStreak(cals) {
const revCals = cals.concat([Date.now()]).slice().reverse();
let streakBroken = false;
@ -256,7 +266,7 @@ module.exports = function(app) {
longestStreak: profileUser.longestStreak,
currentStreak: profileUser.currentStreak,
replaceScriptTags
encodeFcc
});
}
);
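Review bot: `replaceFormAction` in the first hunk uses regexes without the `g` and `i` flags, so only the first lowercase `<form ...>` tag and the first `action=` inside it are rewritten, whereas `replaceScriptTags` just above uses `/gi`. If the encoding is meant to neutralise every form action in a stored solution, the two lines should read `return value.replace(/<form[^>]*>/gi, function(val) {` and `return val.replace(/action(\s*?)=/gi, 'fccfaa$1=');`. The pattern is also not anchored to an attribute boundary, so an attribute whose name merely ends in `action` can be the one that gets renamed; requiring leading whitespace before `action` would avoid that. The code that reverses `fccfaa` is not visible here and has to stay in step with any change. This rewrite is a denylist, so context-aware output encoding where the solution is rendered should remain the primary control.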


@ -154,9 +154,9 @@ block content
td.col-xs-6.hidden-xs= bonfire.name
td.col-xs-3.hidden-xs= moment(bonfire.completedDate, 'x').format("MMM DD, YYYY")
td.col-xs-3.hidden-xs
a(href='/challenges/' + bonfire.name + '?solution=' + encodeURIComponent(replaceScriptTags(bonfire.solution)), target='_blank') View my solution
a(href='/challenges/' + bonfire.name + '?solution=' + encodeURIComponent(encodeFcc(bonfire.solution)), target='_blank') View my solution
td.col-xs-12.visible-xs
a(href='/challenges/' + bonfire.name + '?solution=' + encodeURIComponent(replaceScriptTags(bonfire.solution)), target='_blank')= bonfire.name
a(href='/challenges/' + bonfire.name + '?solution=' + encodeURIComponent(encodeFcc(bonfire.solution)), target='_blank')= bonfire.name
if (waypoints.length > 0)
.col-sm-12
table.table.table-striped
@ -171,12 +171,12 @@ block content
td.col-xs-3.hidden-xs= moment(challenge.completedDate, 'x').format("MMM DD, YYYY")
td.col-xs-3.hidden-xs
if (challenge.solution)
a(href='/challenges/' + challenge.name + '?solution=' + encodeURIComponent(replaceScriptTags(challenge.solution)), target='_blank') View my solution
a(href='/challenges/' + challenge.name + '?solution=' + encodeURIComponent(encodeFcc(challenge.solution)), target='_blank') View my solution
else
a(href='/challenges/' + challenge.name) View this challenge
td.col-xs-12.visible-xs
if (challenge.solution)
a(href='/challenges/' + challenge.name + '?solution=' + encodeURIComponent(replaceScriptTags(challenge.solution)), target='_blank')= challenge.name
a(href='/challenges/' + challenge.name + '?solution=' + encodeURIComponent(encodeFcc(challenge.solution)), target='_blank')= challenge.name
else
a(href='/challenges/' + challenge.name)= challenge.name
if (user && user.username === username)
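Review bot: The two bonfire anchors in the first hunk call `encodeFcc(bonfire.solution)` with no `if (bonfire.solution)` guard, unlike the challenge anchors in the second hunk. The default in `encodeFcc(value = '')` applies only to `undefined`, so a `null` solution on a stored record would presumably throw inside `value.replace` and fail the whole profile render. Either wrap those anchors in the same `if`/`else` pattern as the challenge rows or pass `bonfire.solution || ''`. Separately, `bonfire.name` and `challenge.name` are concatenated into the path unencoded while the query value goes through `encodeURIComponent`; encoding the name too would keep the URL well-formed if a name ever contains `?`, `#` or `/`.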