vbatts/quay
Archived
1
0
Fork 0
Code Issues Pull requests Releases Wiki Activity

Only markdown strings in builder service when explicitly whitelisted

Browse source
This commit is contained in:
Joseph Schorr 2018-09-20 11:35:31 -04:00
parent 8e643ce5d9
commit bfd873c8e4
1 changed files with 12 additions and 4 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

16
static/js/services/string-builder-service.js
View file

@ -26,6 +26,10 @@ angular.module('quay').factory('StringBuilderService', ['$sce', 'UtilService', f
'manifest_digest': 'link' 'manifest_digest': 'link'
}; };
var allowMarkdown = {
'description': true,
};
var filters = { var filters = {
'obj': function(value) { 'obj': function(value) {
if (!value) { return []; } if (!value) { return []; }
@ -118,8 +122,12 @@ angular.module('quay').factory('StringBuilderService', ['$sce', 'UtilService', f
} }
var safe = UtilService.textToSafeHtml(value); var safe = UtilService.textToSafeHtml(value);
var markedDown = UtilService.getMarkedDown(safe); var result = safe;
markedDown = markedDown.substr('<p>'.length, markedDown.length - '<p></p>'.length);
if (allowMarkdown[key]) {
result = UtilService.getMarkedDown(result);
result = result.substr('<p>'.length, result.length - '<p></p>'.length);
}
var icon = fieldIcons[key]; var icon = fieldIcons[key];
if (icon) { if (icon) {
@ -127,12 +135,12 @@ angular.module('quay').factory('StringBuilderService', ['$sce', 'UtilService', f
icon = 'fa-' + icon; icon = 'fa-' + icon;
} }
markedDown = '<i class="fa ' + icon + '"></i>' + markedDown; result = '<i class="fa ' + icon + '"></i>' + result;
} }
var codeTag = opt_codetag || 'code'; var codeTag = opt_codetag || 'code';
description = description.replace('{' + prefix + key + '}', description = description.replace('{' + prefix + key + '}',
'<' + codeTag + '>' + markedDown + '</' + codeTag + '>'); '<' + codeTag + '>' + result + '</' + codeTag + '>');
return description return description
} }