
Commit 929217c

committed
Merge pull request #31 from SergioBenitez/gh-pages
Text is now HTML escaped before being pushed onto the DOM.
2 parents f0265d9 + cf30d0f commit 929217c


1 file changed

+17
-4
lines changed


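--- a/js/editor.js
+++ b/js/editor.js
@@ -5,6 +5,9 @@ if (typeof String.prototype.startsWith != 'function') {
 };
 }
 
+// Regex for finding new lines
+var newLineRegex = /(?:\r\n|\r|\n)/g;
+
 // Fetching DOM items
 var activeCode = document.getElementById("active-code");
 var editorDiv = document.getElementById("editor");
@@ -55,6 +58,16 @@ function updateEditorHeight() {
 // Set initial size to match initial content
 updateEditorHeight();
 
+function escapeHTML(unsafe) {
+return unsafe
+.replace(/&/g, "&")
+.replace(/</g, "&lt;")
+.replace(/>/g, "&gt;")
+.replace(/"/g, "&quot;")
+.replace(/'/g, "&#039;")
+.replace(newLineRegex, '<br />');
+}
+
 // Dispatches a XMLHttpRequest to the Rust playpen, running the program, and
 // issues a callback to `callback` with the result (or null on error)
 function runProgram(program, callback) {
@@ -95,8 +108,6 @@ function runProgram(program, callback) {
 
 // The callback to runProgram
 function handleResult(statusCode, message) {
-var message = message.replace(/(?:\r\n|\r|\n)/g, '<br />');
-
 // Dispatch depending on result type
 if (result == null) {
 resultDiv.style.backgroundColor = errorColor;
@@ -113,7 +124,7 @@ function handleResult(statusCode, message) {
 // Called on successful program run
 function handleSuccess(message) {
 resultDiv.style.backgroundColor = successColor;
-resultDiv.innerHTML = message;
+resultDiv.innerHTML = escapeHTML(message);
 }
 
 // Called when program run results in warning(s)
@@ -133,7 +144,7 @@ function handleError(message) {
 // in the code.
 function handleProblem(message, problem) {
 // Getting list of ranges with problems
-var lines = message.split("<br />");
+var lines = message.split(newLineRegex);
 
 // Cleaning up the message: keeps only relevant problem output
 var cleanMessage = lines.map(function(line) {
@@ -148,6 +159,8 @@ function handleProblem(message, problem) {
 return line;
 }).filter(function(line) {
 return line !== "";
+}).map(function(line) {
+return escapeHTML(line);
 }).join("<br />");
 
 // Setting message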
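Review bot: The first substitution in escapeHTML, `.replace(/&/g, "&")` on new line 63, replaces an ampersand with itself as the page displays it, so `&` in compiler output is never escaped and a literal `&lt;` in program output would be rendered as `<` once the string reaches resultDiv.innerHTML; if the checked-in literal is actually `.replace(/&/g, "&amp;")` this is only a display artifact, but it is worth confirming, and its position as the first replacement is correct since the later entities introduce `&` themselves. Because the only reason for the innerHTML sink is the `<br />` line breaks, an alternative that needs no hand-rolled escaper is `resultDiv.textContent = message` with `white-space: pre-wrap` on the element in CSS. handleWarning and handleError are not shown in this section, so whether every path that writes resultDiv.innerHTML now goes through escapeHTML cannot be confirmed from these hunks. A short header comment on escapeHTML, such as `// Escapes &, <, >, " and ' and turns newlines into <br /> so the result is safe to assign to innerHTML`, would document the contract callers rely on.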
