Escape the HTML in text/code (closes: #4fe9c7)

This commit is contained in:
Paul van Tilburg 2012-02-11 01:35:25 +01:00
parent 4ec1c46e5d
commit 7c685ddd29
1 changed files with 14 additions and 4 deletions

18
app.js

@ -34,6 +34,15 @@ function currentTimestamp() {
return new Date().getTime();
}
// Escape the HTML.
function escapeHTML(text) {
return text.replace(/&/g,'&')
.replace(/</g,'&lt;')
.replace(/>/g,'&gt;')
.replace(/"/g,'&quot;')
.replace(/'/g,'&#039;');
}
// Compacts an array by removing all undefined values.
function compact(arr) {
if (!arr) return null;
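Review bot: As rendered, the first replacement `return text.replace(/&/g,'&')` substitutes an ampersand for itself, so `&` is never escaped; if the source really reads `'&'` rather than `'&amp;'` (this may be an entity lost in rendering), it should be `.replace(/&/g, '&amp;')`, and it must remain the first call so the entities produced by the later replacements are not escaped twice. Without it, a file containing the literal text `&lt;b&gt;` is displayed as `<b>` instead of verbatim. The helper also assumes a string argument; both callers in this commit pass `readFileSync(..., 'utf8')` output so that holds, but a `String(text)` up front would make it safe for other callers. A doc comment would help, e.g. `// Escapes &, <, >, " and ' so untrusted text can be placed in HTML element content or a quoted attribute.`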
@ -274,12 +283,13 @@ app.get('/draggables/:id', function(req, res) {
content = '<audio src="' + file_name + '" controls="true"></audio>';
break;
case "text":
file_contents = fs.readFileSync(__dirname + "/public/upload/" + drag.name);
content = '<pre>' + file_contents + '</pre>';
file_contents = fs.readFileSync(__dirname + "/public/upload/" + drag.name, 'utf8');
content = '<pre>' + escapeHTML(file_contents) + '</pre>';
break;
case 'application': // FIXME: treat as code for now, but it is probably wrong
file_contents = fs.readFileSync(__dirname + "/public/upload/" + drag.name);
content = '<pre><code class="' + drag.type + '">' + file_contents +
file_contents = fs.readFileSync(__dirname + "/public/upload/" + drag.name, 'utf8');
content = '<pre><code class="' + drag.type + '">' +
escapeHTML(file_contents) +
'</code></pre>';
break;
default:
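Review bot: `drag.type` is still concatenated unescaped into the `class="..."` attribute on the new line `content = '<pre><code class="' + drag.type + '">' +`; if the type is taken from the client-supplied MIME type of the upload, a value containing `"` breaks out of the attribute, and since the new helper already escapes quotes the fix is `escapeHTML(drag.type)`. The same hunk keeps building the file path as `__dirname + "/public/upload/" + drag.name`; if `drag.name` is user-controlled, `..` segments would read files outside the upload directory, so `path.basename(drag.name)` or an explicit validation step is worth confirming (where `drag` comes from is not visible here). The `app.get('/draggables/:id', ...)` handler starts and ends outside this hunk.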