[Pkg-mozext-commits] [adblock-plus-element-hiding-helper] 220/483: Better escaping of dangerous charaters in CSS code
David Prévot
taffit at moszumanska.debian.org
Thu Jan 22 21:41:43 UTC 2015
This is an automated email from the git hooks/post-receive script.
taffit pushed a commit to branch master
in repository adblock-plus-element-hiding-helper.
commit f00afbe3b9617ea6b50677d50b8ee65f9450bdad
Author: Wladimir Palant <trev at adblockplus.org>
Date: Wed Sep 22 13:19:36 2010 +0200
Better escaping of dangerous charaters in CSS code
---
chrome/content/composer.js | 19 +++++++++++++------
1 file changed, 13 insertions(+), 6 deletions(-)
diff --git a/chrome/content/composer.js b/chrome/content/composer.js
index c5cc484..8cdd32d 100644
--- a/chrome/content/composer.js
+++ b/chrome/content/composer.js
@@ -203,8 +203,7 @@ function updateExpression() {
if (attr.checked) {
var escapedName = attr.name.replace(/([^\w\-])/g, "\\$1")
- .replace(/\\\{/g, "\\7B ")
- .replace(/\\\}/g, "\\7D ");
+ .replace(/\\([\{\}])/g, escapeChar);
if (attr.selected != "") {
var op = "*=";
if (attr.selected == attr.value)
@@ -233,8 +232,8 @@ function updateExpression() {
if (useFallback) {
var escapedValue = attr.selected.replace(/"/g, '\\"')
- .replace(/\{/, "\\7B ")
- .replace(/\}/, "\\7D ");
+ .replace(/([\{\}])/g, escapeChar)
+ .replace(/([^\S ])/g, escapeChar);
expression += "[" + escapedName + op + '"' + escapedValue + '"' + "]";
}
}
@@ -247,8 +246,8 @@ function updateExpression() {
if (curNode.customCSS.checked && curNode.customCSS.selected != "")
{
expression += curNode.customCSS.selected
- .replace(/\{/, "\\7B ")
- .replace(/\}/, "\\7D ");
+ .replace(/([\{\}])/g, escapeChar)
+ .replace(/([^\S ])/g, escapeChar);
}
if ("firstChild" in curNode && curNode.firstChild.checked)
@@ -333,6 +332,14 @@ function updateExpression() {
previewStyle.setAttribute("href", stylesheetURL);
}
+function escapeChar(dummy, match)
+{
+ let code = match.charCodeAt(0).toString(16);
+ while (code.length < 6)
+ code = "0" + code;
+ return "\\" + code;
+}
+
function fillDomains(domainData) {
var list = document.getElementById("domainGroup");
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-mozext/adblock-plus-element-hiding-helper.git
More information about the Pkg-mozext-commits
mailing list