mirror of
https://github.com/node-red/node-red.git
synced 2023-10-10 13:36:53 +02:00
Properly escape html strings passed to debug
parent
f2797a4153
commit
52fc497412
@ -19,6 +19,9 @@ RED.utils = (function() {
|
|||||||
function formatString(str) {
|
function formatString(str) {
|
||||||
return str.replace(/\r?\n/g,"↵").replace(/\t/g,"→");
|
return str.replace(/\r?\n/g,"↵").replace(/\t/g,"→");
|
||||||
}
|
}
|
||||||
|
function sanitize(m) {
|
||||||
|
return m.replace(/&/g,"&").replace(/</g,"<").replace(/>/g,">");
|
||||||
|
}
|
||||||
|
|
||||||
function buildMessageSummaryValue(value) {
|
function buildMessageSummaryValue(value) {
|
||||||
var result;
|
var result;
|
||||||
@ -35,9 +38,11 @@ RED.utils = (function() {
|
|||||||
result = $('<span class="debug-message-object-value debug-message-type-meta">object</span>');
|
result = $('<span class="debug-message-object-value debug-message-type-meta">object</span>');
|
||||||
}
|
}
|
||||||
} else if (typeof value === 'string') {
|
} else if (typeof value === 'string') {
|
||||||
subvalue = value;
|
var subvalue;
|
||||||
if (subvalue.length > 30) {
|
if (value.length > 30) {
|
||||||
subvalue = subvalue.substring(0,30)+"…";
|
subvalue = sanitize(value.substring(0,30))+"…";
|
||||||
|
} else {
|
||||||
|
subvalue = sanitize(value);
|
||||||
}
|
}
|
||||||
result = $('<span class="debug-message-object-value debug-message-type-string"></span>').html('"'+formatString(subvalue)+'"');
|
result = $('<span class="debug-message-object-value debug-message-type-string"></span>').html('"'+formatString(subvalue)+'"');
|
||||||
} else {
|
} else {
|
||||||
@ -68,7 +73,7 @@ RED.utils = (function() {
|
|||||||
var entryObj;
|
var entryObj;
|
||||||
var header;
|
var header;
|
||||||
var headerHead;
|
var headerHead;
|
||||||
var value,subvalue;
|
var value;
|
||||||
var element = $('<span class="debug-message-element"></span>');
|
var element = $('<span class="debug-message-element"></span>');
|
||||||
if (!key) {
|
if (!key) {
|
||||||
element.addClass("debug-message-top-level");
|
element.addClass("debug-message-top-level");
|
||||||
@ -98,23 +103,26 @@ RED.utils = (function() {
|
|||||||
makeExpandable(header, function() {
|
makeExpandable(header, function() {
|
||||||
$('<span class="debug-message-type-meta debug-message-object-type-header"></span>').html(typeHint||'string').appendTo(header);
|
$('<span class="debug-message-type-meta debug-message-object-type-header"></span>').html(typeHint||'string').appendTo(header);
|
||||||
var row = $('<div class="debug-message-object-entry collapsed"></div>').appendTo(element);
|
var row = $('<div class="debug-message-object-entry collapsed"></div>').appendTo(element);
|
||||||
$('<pre class="debug-message-type-string"></pre>').html(obj).appendTo(row);
|
$('<pre class="debug-message-type-string"></pre>').text(obj).appendTo(row);
|
||||||
});
|
});
|
||||||
}
|
}
|
||||||
$('<span class="debug-message-type-string debug-message-object-header"></span>').html('"'+formatString(obj)+'"').appendTo(entryObj);
|
$('<span class="debug-message-type-string debug-message-object-header"></span>').html('"'+formatString(sanitize(obj))+'"').appendTo(entryObj);
|
||||||
|
|
||||||
|
|
||||||
} else if (typeof obj === 'number') {
|
} else if (typeof obj === 'number') {
|
||||||
e = $('<span class="debug-message-type-number"></span>').text(""+obj).appendTo(entryObj);
|
e = $('<span class="debug-message-type-number"></span>').text(""+obj).appendTo(entryObj);
|
||||||
e.click(function(evt) {
|
if ((obj^0)===obj) {
|
||||||
var format = $(this).data('format');
|
e.addClass("debug-message-type-number-toggle");
|
||||||
if (format === 'hex') {
|
e.click(function(evt) {
|
||||||
$(this).text(""+obj).data('format','dec');
|
var format = $(this).data('format');
|
||||||
} else {
|
if (format === 'hex') {
|
||||||
$(this).text("0x"+(obj).toString(16)).data('format','hex');
|
$(this).text(""+obj).data('format','dec');
|
||||||
}
|
} else {
|
||||||
evt.preventDefault();
|
$(this).text("0x"+(obj).toString(16)).data('format','hex');
|
||||||
});
|
}
|
||||||
|
evt.preventDefault();
|
||||||
|
});
|
||||||
|
}
|
||||||
} else if (isArray) {
|
} else if (isArray) {
|
||||||
element.addClass('collapsed');
|
element.addClass('collapsed');
|
||||||
|
|
||||||
@ -155,7 +163,7 @@ RED.utils = (function() {
|
|||||||
} catch(err) {
|
} catch(err) {
|
||||||
console.log(err);
|
console.log(err);
|
||||||
}
|
}
|
||||||
$('<pre class="debug-message-type-string"></pre>').html(stringEncoding).appendTo(sr);
|
$('<pre class="debug-message-type-string"></pre>').text(stringEncoding).appendTo(sr);
|
||||||
var bufferOpts = $('<span class="debug-message-buffer-opts"></span>').appendTo(headerHead);
|
var bufferOpts = $('<span class="debug-message-buffer-opts"></span>').appendTo(headerHead);
|
||||||
$('<a href="#"></a>').addClass('selected').html('raw').appendTo(bufferOpts).click(function(e) {
|
$('<a href="#"></a>').addClass('selected').html('raw').appendTo(bufferOpts).click(function(e) {
|
||||||
if ($(this).text() === 'raw') {
|
if ($(this).text() === 'raw') {
|
||||||
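Review bot: The new `sanitize` helper in the first hunk escapes only `&`, `<` and `>`, so its output is safe as element content (which is how `.html('"'+formatString(subvalue)+'"')` uses it) but not inside an attribute value, and nothing on the function says so. A comment such as `// Escapes &, < and > for element content only; quotes are not escaped, so never place the result in an attribute value` would stop it being reused in the wrong context. As rendered on this page the replacement strings read as the same characters they replace, which would make the function a no-op; presumably the page decoded the entity forms `&amp;`, `&lt;` and `&gt;` from the committed source. The two header spans still build markup by concatenation and `.html()` while the `<pre>` sinks were switched to `.text()`; if `formatString` emits literal characters rather than entities, `.text('"'+formatString(obj)+'"')` would remove the hand escaping there. `.html(typeHint||'string')` also remains an HTML sink, and whether its caller escapes `typeHint` is not visible in these hunks.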
|
@ -150,7 +150,8 @@
|
|||||||
.debug-message-type-string { color: #b72828; }
|
.debug-message-type-string { color: #b72828; }
|
||||||
.debug-message-type-null { color: #666; font-style: italic;}
|
.debug-message-type-null { color: #666; font-style: italic;}
|
||||||
.debug-message-type-meta { color: #666; font-style: italic;}
|
.debug-message-type-meta { color: #666; font-style: italic;}
|
||||||
.debug-message-type-number { color: #2033d6;cursor: pointer;}
|
.debug-message-type-number { color: #2033d6; };
|
||||||
|
.debug-message-type-number-toggle { cursor: pointer;}
|
||||||
|
|
||||||
.debug-message-expandable {
|
.debug-message-expandable {
|
||||||
cursor: pointer;
|
cursor: pointer;
|
||||||
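Review bot: The rewritten rule `.debug-message-type-number { color: #2033d6; };` ends with a stray semicolon after the closing brace. In plain CSS that semicolon becomes part of the next rule's selector, so the `.debug-message-type-number-toggle { cursor: pointer;}` rule added right after it would be dropped and integer values would lose the pointer cursor; a Sass compiler may tolerate it, but the file type is not visible here. The line should read `.debug-message-type-number { color: #2033d6; }`.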
|
@ -198,7 +198,7 @@ RED.debug = (function() {
|
|||||||
var name = sanitize(((o.name?o.name:o.id)||"").toString());
|
var name = sanitize(((o.name?o.name:o.id)||"").toString());
|
||||||
var topic = sanitize((o.topic||"").toString());
|
var topic = sanitize((o.topic||"").toString());
|
||||||
var property = sanitize(o.property?o.property:'');
|
var property = sanitize(o.property?o.property:'');
|
||||||
var payload = sanitize((o.msg||"").toString());
|
var payload = o.msg;
|
||||||
var format = sanitize((o.format||"").toString());
|
var format = sanitize((o.format||"").toString());
|
||||||
msg.className = 'debug-message'+(o.level?(' debug-message-level-'+o.level):'') +
|
msg.className = 'debug-message'+(o.level?(' debug-message-level-'+o.level):'') +
|
||||||
((sourceNode&&sourceNode.z)?((" debug-message-flow-"+sourceNode.z+((filter&&(activeWorkspace!==sourceNode.z))?" hide":""))):"");
|
((sourceNode&&sourceNode.z)?((" debug-message-flow-"+sourceNode.z+((filter&&(activeWorkspace!==sourceNode.z))?" hide":""))):"");
|
||||||
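Review bot: `var payload = o.msg;` drops both the `sanitize` call and the `.toString()`, so from this line on `payload` is raw, untrusted message content and is no longer guaranteed to be a string. The hunk does not show where `payload` is consumed (the function continues outside it), so every later use has to go through the RED.utils rendering that this commit escapes, never into `.html()` or string-built markup directly. A comment on the line would keep that contract visible: `// payload is intentionally unescaped; render it only via RED.utils, which escapes strings at the sink`. The neighbouring `name`, `topic`, `property` and `format` values are still escaped here, so the function now mixes pre-escaped and raw values and a reader needs to be told which is which.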
|