Ensure node names are sanitized before being presented

Nick O'Leary 2019-03-13 16:08:11 +00:00
parent c9ff05ba80
commit 1d7be6457f
No known key found for this signature in database
GPG Key ID: 4F2157149161A6C9
3 changed files with 11 additions and 12 deletions


@ -498,7 +498,6 @@ RED.editor = (function() {
}
function getEditStackTitle() {
var title = '<ul class="editor-tray-breadcrumbs">';
var label;
for (var i=editStack.length-1;i<editStack.length;i++) {
var node = editStack[i];
@ -514,29 +513,27 @@ RED.editor = (function() {
} else if (node.type === '_buffer') {
label = RED._("bufferEditor.title");
} else if (node.type === 'subflow') {
label = RED._("subflow.editSubflow",{name:node.name})
label = RED._("subflow.editSubflow",{name:RED.utils.sanitize(node.name)})
} else if (node.type.indexOf("subflow:")===0) {
var subflow = RED.nodes.subflow(node.type.substring(8));
label = RED._("subflow.editSubflowInstance",{name:subflow.name})
label = RED._("subflow.editSubflowInstance",{name:RED.utils.sanitize(subflow.name)})
} else {
if (typeof node._def.paletteLabel !== "undefined") {
try {
label = (typeof node._def.paletteLabel === "function" ? node._def.paletteLabel.call(node._def) : node._def.paletteLabel)||"";
label = RED.utils.sanitize((typeof node._def.paletteLabel === "function" ? node._def.paletteLabel.call(node._def) : node._def.paletteLabel)||"");
} catch(err) {
console.log("Definition error: "+node.type+".paletteLabel",err);
}
}
if (i === editStack.length-1) {
if (RED.nodes.node(node.id)) {
label = RED._("editor.editNode",{type:label});
label = RED._("editor.editNode",{type:RED.utils.sanitize(label)});
} else {
label = RED._("editor.addNewConfig",{type:label});
label = RED._("editor.addNewConfig",{type:RED.utils.sanitize(label)});
}
}
}
title += '<li>'+label+'</li>';
}
title += '</ul>';
return label;
}
@ -1738,7 +1735,7 @@ RED.editor = (function() {
if (nodeUserFlows[ws.id]) {
workspaceLabel = "* "+workspaceLabel;
}
tabSelect.append('<option value="'+ws.id+'"'+(ws.id==editing_config_node.z?" selected":"")+'>'+workspaceLabel+'</option>');
$('<option value="'+ws.id+'"'+(ws.id==editing_config_node.z?" selected":"")+'></option>').text(workspaceLabel).appendTo(tabSelect);
});
tabSelect.append('<option disabled data-i18n="sidebar.config.subflows"></option>');
RED.nodes.eachSubflow(function(ws) {
@ -1746,7 +1743,7 @@ RED.editor = (function() {
if (nodeUserFlows[ws.id]) {
workspaceLabel = "* "+workspaceLabel;
}
tabSelect.append('<option value="'+ws.id+'"'+(ws.id==editing_config_node.z?" selected":"")+'>'+workspaceLabel+'</option>');
$('<option value="'+ws.id+'"'+(ws.id==editing_config_node.z?" selected":"")+'></option>').text(workspaceLabel).appendTo(tabSelect);
});
if (flowCount > 0) {
tabSelect.on('change',function() {
@ -2067,7 +2064,7 @@ RED.editor = (function() {
}
configNodes.forEach(function(cn) {
select.append('<option value="'+cn.id+'"'+(value==cn.id?" selected":"")+'>'+RED.text.bidi.enforceTextDirectionWithUCC(cn.__label__)+'</option>');
$('<option value="'+cn.id+'"'+(value==cn.id?" selected":"")+'></option>').text(RED.text.bidi.enforceTextDirectionWithUCC(cn.__label__)).appendTo(select);
delete cn.__label__;
});
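Review bot: The three `<option>` rewrites move the label into `.text()`, but `ws.id` and `cn.id` are still concatenated into the `value="…"` attribute of an HTML string, so an id containing a quote or angle bracket would still be parsed as markup. Ids are normally generated, but presumably they can also arrive with imported flow data, so it is safer to build the element without concatenation: `$('<option>').val(ws.id).prop('selected', ws.id == editing_config_node.z).text(workspaceLabel).appendTo(tabSelect);`, with the same shape for `cn.id` in the `configNodes.forEach` hunk. Separately, in `getEditStackTitle` the palette label is passed through `RED.utils.sanitize` when it is read and again inside `RED._("editor.editNode", …)` and `RED._("editor.addNewConfig", …)`. If `sanitize` entity-encodes `&` (its body is not shown here), a label such as `A & B` would be encoded twice and display as `A &amp; B`, so one of the two calls should be dropped.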


@ -78,6 +78,8 @@ RED.palette = (function() {
var lineHeight = 20;
var portHeight = 10;
label = RED.utils.sanitize(label);
var words = label.split(/[ -]/);
var displayLines = [];
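Review bot: Escaping `label` before `label.split(/[ -]/)` means the wrapping logic that follows works on the encoded string rather than the text the user sees, so a name containing `&` or `<` is split and measured in its longer entity form. The rest of the function is outside the hunk, so this is inferred: if the lines are later inserted as markup, it would be cleaner to split and measure the raw label and encode each line where it is written to the DOM, or to insert it with `.text()`. If the early escape is kept, a comment such as `// escaped here because the lines below are inserted as HTML` would record why it has to precede the split and warn against escaping again further down.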


@ -294,7 +294,7 @@ RED.sidebar.info = (function() {
if (node.type !== 'tab') {
if (m) {
$('<tr class="blank"><th colspan="2">'+RED._("sidebar.info.subflow")+'</th></tr>').appendTo(tableBody);
$('<tr class="node-info-subflow-row"><td>'+RED._("common.label.name")+'</td><td><span class="bidiAware" dir=\"'+RED.text.bidi.resolveBaseTextDir(subflowNode.name)+'">'+subflowNode.name+'</span></td></tr>').appendTo(tableBody);
$('<tr class="node-info-subflow-row"><td>'+RED._("common.label.name")+'</td><td><span class="bidiAware" dir=\"'+RED.text.bidi.resolveBaseTextDir(subflowNode.name)+'">'+RED.utils.sanitize(subflowNode.name)+'</span></td></tr>').appendTo(tableBody);
}
}
}
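Review bot: The subflow name is now escaped, but the row is still assembled by string concatenation, so its safety rests on `RED.utils.sanitize` covering this context and on `RED.text.bidi.resolveBaseTextDir(...)` only ever returning a fixed direction token for the `dir` attribute; neither function is visible in this hunk. The `<option>` changes in the editor file of this same commit use `.text()` instead, and the same pattern would fit here: create the `<span class="bidiAware">`, set `.attr('dir', …)` and `.text(subflowNode.name)`, then append it to the `<td>`. That takes the user-controlled string out of the HTML parser entirely and keeps one escaping convention across the commit.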