Merge pull request #860 from kiwix/handling_of_suggestion_links_with_single_quotes

Matthieu Gautier 2022-12-21 12:02:58 +01:00 committed by GitHub
commit 90318dfb6b
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 27 additions and 16 deletions


@ -43,17 +43,27 @@ function gotoMainPageOfCurrentBook() {
} }
function gotoUrl(url) { function gotoUrl(url) {
contentIframe.src = url; contentIframe.src = root + url;
} }
function gotoRandomPage() { function gotoRandomPage() {
gotoUrl(`${root}/random?content=${currentBook}`); gotoUrl(`/random?content=${currentBook}`);
} }
function performSearch() { function performSearch() {
const searchbox = document.getElementById('kiwixsearchbox'); const searchbox = document.getElementById('kiwixsearchbox');
const q = encodeURIComponent(searchbox.value); const q = encodeURIComponent(searchbox.value);
gotoUrl(`${root}/search?books.name=${currentBook}&pattern=${q}`); gotoUrl(`/search?books.name=${currentBook}&pattern=${q}`);
}
function makeJSLink(jsCodeString, linkText, linkAttr="") {
// Values of the href attribute are assumed by the browser to be
// fully URI-encoded (no matter what the scheme is). Therefore, in
// order to prevent the browser from decoding any URI-encoded parts
// in the JS code we have to URI-encode a second time.
// (see https://stackoverflow.com/questions/33721510)
const uriEncodedJSCode = encodeURIComponent(jsCodeString);
return `<a ${linkAttr} href="javascript:${uriEncodedJSCode}">${linkText}</a>`;
} }
function suggestionsApiURL() function suggestionsApiURL()
@ -336,20 +346,21 @@ function setupSuggestions() {
}, },
resultItem: { resultItem: {
element: (item, data) => { element: (item, data) => {
let searchLink; const uriEncodedBookName = encodeURIComponent(currentBook);
let url;
if (data.value.kind == "path") { if (data.value.kind == "path") {
searchLink = `${root}/${currentBook}/${htmlDecode(data.value.path)}`; const path = encodeURIComponent(htmlDecode(data.value.path));
url = `/${uriEncodedBookName}/${path}`;
} else { } else {
searchLink = `${root}/search?content=${encodeURIComponent(currentBook)}&pattern=${encodeURIComponent(htmlDecode(data.value.value))}`; const pattern = encodeURIComponent(htmlDecode(data.value.value));
url = `/search?content=${uriEncodedBookName}&pattern=${pattern}`;
} }
const jsAction = `gotoUrl('${searchLink}')`; // url can't contain any double quote and/or backslash symbols
// Values of the href attribute are assumed by the browser to be // since they should have been URI-encoded. Therefore putting it
// fully URI-encoded (no matter what the scheme is). Therefore, in // inside double quotes should result in valid javascript.
// order to prevent the browser from decoding the URI-encoded parts const jsAction = `gotoUrl("${url}")`;
// of searchLink we have to URI-encode a second time. const linkText = htmlDecode(data.value.label);
// (see https://stackoverflow.com/questions/33721510) item.innerHTML = makeJSLink(jsAction, linkText, 'class="suggest"');
const jsActionURIEncoded = encodeURIComponent(jsAction);
item.innerHTML = `<a class="suggest" href="javascript:${jsActionURIEncoded}">${htmlDecode(data.value.label)}</a>`;
}, },
highlight: "autoComplete_highlight", highlight: "autoComplete_highlight",
selected: "autoComplete_selected" selected: "autoComplete_selected"
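Review bot: `makeJSLink` interpolates `linkText` and `linkAttr` into the returned markup without escaping, and the `resultItem.element` callback passes `htmlDecode(data.value.label)` as `linkText` and assigns the result to `item.innerHTML`, so any markup in the decoded label is parsed as HTML. If the label is meant to carry highlighting tags this may be deliberate, but the helper should then state the contract; I would add at the top of its body `// linkText and linkAttr are inserted verbatim as HTML; pass only trusted or already-escaped values.` and confirm that the suggestions endpoint escapes title text before adding its own tags. Separately, `gotoRandomPage` and `performSearch` still interpolate `currentBook` unencoded while the suggestions code now uses `encodeURIComponent(currentBook)`; applying the same encoding there would keep the query strings consistent. `setupSuggestions` starts and ends outside the second hunk, so the rest of its configuration is not visible here.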


@ -69,7 +69,7 @@ const ResourceCollection resources200Compressible{
{ DYNAMIC_CONTENT, "/ROOT/skin/taskbar.css" }, { DYNAMIC_CONTENT, "/ROOT/skin/taskbar.css" },
{ STATIC_CONTENT, "/ROOT/skin/taskbar.css?cacheid=216d6b5d" }, { STATIC_CONTENT, "/ROOT/skin/taskbar.css?cacheid=216d6b5d" },
{ DYNAMIC_CONTENT, "/ROOT/skin/viewer.js" }, { DYNAMIC_CONTENT, "/ROOT/skin/viewer.js" },
{ STATIC_CONTENT, "/ROOT/skin/viewer.js?cacheid=0933a233" }, { STATIC_CONTENT, "/ROOT/skin/viewer.js?cacheid=23966598" },
{ DYNAMIC_CONTENT, "/ROOT/skin/fonts/Poppins.ttf" }, { DYNAMIC_CONTENT, "/ROOT/skin/fonts/Poppins.ttf" },
{ STATIC_CONTENT, "/ROOT/skin/fonts/Poppins.ttf?cacheid=af705837" }, { STATIC_CONTENT, "/ROOT/skin/fonts/Poppins.ttf?cacheid=af705837" },
{ DYNAMIC_CONTENT, "/ROOT/skin/fonts/Roboto.ttf" }, { DYNAMIC_CONTENT, "/ROOT/skin/fonts/Roboto.ttf" },
@ -291,7 +291,7 @@ R"EXPECTEDRESULT( <img src="../skin/download.png?
/* url */ "/ROOT/viewer", /* url */ "/ROOT/viewer",
R"EXPECTEDRESULT( <link type="text/css" href="./skin/taskbar.css?cacheid=216d6b5d" rel="Stylesheet" /> R"EXPECTEDRESULT( <link type="text/css" href="./skin/taskbar.css?cacheid=216d6b5d" rel="Stylesheet" />
<link type="text/css" href="./skin/css/autoComplete.css?cacheid=08951e06" rel="Stylesheet" /> <link type="text/css" href="./skin/css/autoComplete.css?cacheid=08951e06" rel="Stylesheet" />
<script type="text/javascript" src="./skin/viewer.js?cacheid=0933a233" defer></script> <script type="text/javascript" src="./skin/viewer.js?cacheid=23966598" defer></script>
<script type="text/javascript" src="./skin/autoComplete.min.js?cacheid=1191aaaf"></script> <script type="text/javascript" src="./skin/autoComplete.min.js?cacheid=1191aaaf"></script>
const blankPageUrl = root + "/skin/blank.html?cacheid=6b1fa032"; const blankPageUrl = root + "/skin/blank.html?cacheid=6b1fa032";
<label for="kiwix_button_show_toggle"><img src="./skin/caret.png?cacheid=22b942b4" alt=""></label> <label for="kiwix_button_show_toggle"><img src="./skin/caret.png?cacheid=22b942b4" alt=""></label>