Only markdown strings in builder service when explicitly whitelisted
This commit is contained in:
parent
8e643ce5d9
commit
bfd873c8e4
1 changed files with 12 additions and 4 deletions
|
@ -26,6 +26,10 @@ angular.module('quay').factory('StringBuilderService', ['$sce', 'UtilService', f
|
|||
'manifest_digest': 'link'
|
||||
};
|
||||
|
||||
var allowMarkdown = {
|
||||
'description': true,
|
||||
};
|
||||
|
||||
var filters = {
|
||||
'obj': function(value) {
|
||||
if (!value) { return []; }
|
||||
|
@ -118,8 +122,12 @@ angular.module('quay').factory('StringBuilderService', ['$sce', 'UtilService', f
|
|||
}
|
||||
|
||||
var safe = UtilService.textToSafeHtml(value);
|
||||
var markedDown = UtilService.getMarkedDown(safe);
|
||||
markedDown = markedDown.substr('<p>'.length, markedDown.length - '<p></p>'.length);
|
||||
var result = safe;
|
||||
|
||||
if (allowMarkdown[key]) {
|
||||
result = UtilService.getMarkedDown(result);
|
||||
result = result.substr('<p>'.length, result.length - '<p></p>'.length);
|
||||
}
|
||||
|
||||
var icon = fieldIcons[key];
|
||||
if (icon) {
|
||||
|
@ -127,12 +135,12 @@ angular.module('quay').factory('StringBuilderService', ['$sce', 'UtilService', f
|
|||
icon = 'fa-' + icon;
|
||||
}
|
||||
|
||||
markedDown = '<i class="fa ' + icon + '"></i>' + markedDown;
|
||||
result = '<i class="fa ' + icon + '"></i>' + result;
|
||||
}
|
||||
|
||||
var codeTag = opt_codetag || 'code';
|
||||
description = description.replace('{' + prefix + key + '}',
|
||||
'<' + codeTag + '>' + markedDown + '</' + codeTag + '>');
|
||||
'<' + codeTag + '>' + result + '</' + codeTag + '>');
|
||||
|
||||
return description
|
||||
}
|
||||
|
|
Reference in a new issue