1
0
mirror of https://github.com/node-red/node-red.git synced 2023-10-10 13:36:53 +02:00

Ensure node names are sanitized before being presented

This commit is contained in:
Nick O'Leary 2019-03-13 16:08:11 +00:00
parent c9ff05ba80
commit 1d7be6457f
No known key found for this signature in database
GPG Key ID: 4F2157149161A6C9
3 changed files with 11 additions and 12 deletions

View File

@ -498,7 +498,6 @@ RED.editor = (function() {
} }
function getEditStackTitle() { function getEditStackTitle() {
var title = '<ul class="editor-tray-breadcrumbs">';
var label; var label;
for (var i=editStack.length-1;i<editStack.length;i++) { for (var i=editStack.length-1;i<editStack.length;i++) {
var node = editStack[i]; var node = editStack[i];
@ -514,29 +513,27 @@ RED.editor = (function() {
} else if (node.type === '_buffer') { } else if (node.type === '_buffer') {
label = RED._("bufferEditor.title"); label = RED._("bufferEditor.title");
} else if (node.type === 'subflow') { } else if (node.type === 'subflow') {
label = RED._("subflow.editSubflow",{name:node.name}) label = RED._("subflow.editSubflow",{name:RED.utils.sanitize(node.name)})
} else if (node.type.indexOf("subflow:")===0) { } else if (node.type.indexOf("subflow:")===0) {
var subflow = RED.nodes.subflow(node.type.substring(8)); var subflow = RED.nodes.subflow(node.type.substring(8));
label = RED._("subflow.editSubflowInstance",{name:subflow.name}) label = RED._("subflow.editSubflowInstance",{name:RED.utils.sanitize(subflow.name)})
} else { } else {
if (typeof node._def.paletteLabel !== "undefined") { if (typeof node._def.paletteLabel !== "undefined") {
try { try {
label = (typeof node._def.paletteLabel === "function" ? node._def.paletteLabel.call(node._def) : node._def.paletteLabel)||""; label = RED.utils.sanitize((typeof node._def.paletteLabel === "function" ? node._def.paletteLabel.call(node._def) : node._def.paletteLabel)||"");
} catch(err) { } catch(err) {
console.log("Definition error: "+node.type+".paletteLabel",err); console.log("Definition error: "+node.type+".paletteLabel",err);
} }
} }
if (i === editStack.length-1) { if (i === editStack.length-1) {
if (RED.nodes.node(node.id)) { if (RED.nodes.node(node.id)) {
label = RED._("editor.editNode",{type:label}); label = RED._("editor.editNode",{type:RED.utils.sanitize(label)});
} else { } else {
label = RED._("editor.addNewConfig",{type:label}); label = RED._("editor.addNewConfig",{type:RED.utils.sanitize(label)});
} }
} }
} }
title += '<li>'+label+'</li>';
} }
title += '</ul>';
return label; return label;
} }
@ -1738,7 +1735,7 @@ RED.editor = (function() {
if (nodeUserFlows[ws.id]) { if (nodeUserFlows[ws.id]) {
workspaceLabel = "* "+workspaceLabel; workspaceLabel = "* "+workspaceLabel;
} }
tabSelect.append('<option value="'+ws.id+'"'+(ws.id==editing_config_node.z?" selected":"")+'>'+workspaceLabel+'</option>'); $('<option value="'+ws.id+'"'+(ws.id==editing_config_node.z?" selected":"")+'></option>').text(workspaceLabel).appendTo(tabSelect);
}); });
tabSelect.append('<option disabled data-i18n="sidebar.config.subflows"></option>'); tabSelect.append('<option disabled data-i18n="sidebar.config.subflows"></option>');
RED.nodes.eachSubflow(function(ws) { RED.nodes.eachSubflow(function(ws) {
@ -1746,7 +1743,7 @@ RED.editor = (function() {
if (nodeUserFlows[ws.id]) { if (nodeUserFlows[ws.id]) {
workspaceLabel = "* "+workspaceLabel; workspaceLabel = "* "+workspaceLabel;
} }
tabSelect.append('<option value="'+ws.id+'"'+(ws.id==editing_config_node.z?" selected":"")+'>'+workspaceLabel+'</option>'); $('<option value="'+ws.id+'"'+(ws.id==editing_config_node.z?" selected":"")+'></option>').text(workspaceLabel).appendTo(tabSelect);
}); });
if (flowCount > 0) { if (flowCount > 0) {
tabSelect.on('change',function() { tabSelect.on('change',function() {
@ -2067,7 +2064,7 @@ RED.editor = (function() {
} }
configNodes.forEach(function(cn) { configNodes.forEach(function(cn) {
select.append('<option value="'+cn.id+'"'+(value==cn.id?" selected":"")+'>'+RED.text.bidi.enforceTextDirectionWithUCC(cn.__label__)+'</option>'); $('<option value="'+cn.id+'"'+(value==cn.id?" selected":"")+'></option>').text(RED.text.bidi.enforceTextDirectionWithUCC(cn.__label__)).appendTo(select);
delete cn.__label__; delete cn.__label__;
}); });

View File

@ -78,6 +78,8 @@ RED.palette = (function() {
var lineHeight = 20; var lineHeight = 20;
var portHeight = 10; var portHeight = 10;
label = RED.utils.sanitize(label);
var words = label.split(/[ -]/); var words = label.split(/[ -]/);
var displayLines = []; var displayLines = [];

View File

@ -294,7 +294,7 @@ RED.sidebar.info = (function() {
if (node.type !== 'tab') { if (node.type !== 'tab') {
if (m) { if (m) {
$('<tr class="blank"><th colspan="2">'+RED._("sidebar.info.subflow")+'</th></tr>').appendTo(tableBody); $('<tr class="blank"><th colspan="2">'+RED._("sidebar.info.subflow")+'</th></tr>').appendTo(tableBody);
$('<tr class="node-info-subflow-row"><td>'+RED._("common.label.name")+'</td><td><span class="bidiAware" dir=\"'+RED.text.bidi.resolveBaseTextDir(subflowNode.name)+'">'+subflowNode.name+'</span></td></tr>').appendTo(tableBody); $('<tr class="node-info-subflow-row"><td>'+RED._("common.label.name")+'</td><td><span class="bidiAware" dir=\"'+RED.text.bidi.resolveBaseTextDir(subflowNode.name)+'">'+RED.utils.sanitize(subflowNode.name)+'</span></td></tr>').appendTo(tableBody);
} }
} }
} }