kenmirrors/firefly-iii
1
0
Fork 0
mirror of https://github.com/firefly-iii/firefly-iii.git synced 2025-10-21 19:49:54 +00:00
Code Issues Projects Releases Wiki Activity

Escape input, fixes #3990

Browse Source
This commit is contained in:
James Cole
2020-10-25 06:36:33 +01:00
parent cf3d9d26fa
commit f6ce49b586
5 changed files with 54 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
public/v1/js/create_transaction.js vendored
View File

File diff suppressed because one or more lines are too long

2
public/v1/js/edit_transaction.js vendored
View File

File diff suppressed because one or more lines are too long

12
resources/assets/js/components/transactions/AccountSelect.vue
View File

@@ -135,7 +135,17 @@ export default {
aSyncFunction: function (query, done) { aSyncFunction: function (query, done) {
axios.get(this.accountAutoCompleteURI + query) axios.get(this.accountAutoCompleteURI + query)
.then(res => { .then(res => {
done(res.data); // loop over data
let escapedData = [];
let current;
for (const key in res.data) {
if (res.data.hasOwnProperty(key) && /^0$|^[1-9]\d*$/.test(key) && key <= 4294967294) {
current = res.data[key];
current.description = this.escapeHtml(res.data[key].description)
escapedData.push(current);
}
}
done(escapedData);
}) })
.catch(err => { .catch(err => {
// any error handler // any error handler

12
resources/assets/js/components/transactions/Category.vue
View File

@@ -94,7 +94,17 @@ export default {
aSyncFunction: function (query, done) { aSyncFunction: function (query, done) {
axios.get(this.categoryAutoCompleteURI + query) axios.get(this.categoryAutoCompleteURI + query)
.then(res => { .then(res => {
done(res.data); // loop over data
let escapedData = [];
let current;
for (const key in res.data) {
if (res.data.hasOwnProperty(key) && /^0$|^[1-9]\d*$/.test(key) && key <= 4294967294) {
current = res.data[key];
current.description = this.escapeHtml(res.data[key].description)
escapedData.push(current);
}
}
done(escapedData);
}) })
.catch(err => { .catch(err => {
// any error handler // any error handler

31
resources/assets/js/components/transactions/TransactionDescription.vue
View File

@@ -83,12 +83,41 @@ export default {
aSyncFunction: function (query, done) { aSyncFunction: function (query, done) {
axios.get(this.descriptionAutoCompleteURI + query) axios.get(this.descriptionAutoCompleteURI + query)
.then(res => { .then(res => {
done(res.data);
// loop over data
let escapedData = [];
let current;
for (const key in res.data) {
if (res.data.hasOwnProperty(key) && /^0$|^[1-9]\d*$/.test(key) && key <= 4294967294) {
current = res.data[key];
current.description = this.escapeHtml(res.data[key].description)
escapedData.push(current);
}
}
done(escapedData);
}) })
.catch(err => { .catch(err => {
// any error handler // any error handler
}) })
}, },
escapeHtml: function (string) {
let entityMap = {
'&': '&amp;',
'<': '&lt;',
'>': '&gt;',
'"': '&quot;',
"'": '&#39;',
'/': '&#x2F;',
'`': '&#x60;',
'=': '&#x3D;'
};
return String(string).replace(/[&<>"'`=\/]/g, function fromEntityMap(s) {
return entityMap[s];
});
},
search: function (input) { search: function (input) {
return ['ab', 'cd']; return ['ab', 'cd'];
}, },