Fix escaping of container names in popups. Bug 1346653
This commit is contained in:
Jonathan Kingston
parent
9d5223cd71
commit
72cc75c1ec
4 changed files with 51 additions and 9 deletions
|
|
@ -15,7 +15,8 @@ module.exports = {
|
|||
"Services": true
|
||||
},
|
||||
"plugins": [
|
||||
"promise"
|
||||
"promise",
|
||||
"unsafe-property-assignment"
|
||||
],
|
||||
"root": true,
|
||||
"rules": {
|
||||
|
|
@ -28,6 +29,8 @@ module.exports = {
|
|||
"promise/no-promise-in-callback": "warn",
|
||||
"promise/no-return-wrap": "error",
|
||||
"promise/param-names": "error",
|
||||
"unsafe-property-assignment/no-key-assignment": ["error"],
|
||||
"unsafe-property-assignment/enforce-tagged-template-protection": ["error"],
|
||||
|
||||
"eqeqeq": "error",
|
||||
"indent": ["error", 2],
|
||||
|
|
|
|||
|
|
@ -2,7 +2,7 @@
|
|||
"name": "testpilot-containers",
|
||||
"title": "Containers Experiment",
|
||||
"description": "Containers works by isolating cookie jars using separate origin-attributes defined visually by colored ‘Container Tabs’. This add-on is a modified version of the containers feature for Firefox Test Pilot.",
|
||||
"version": "1.1.0",
|
||||
"version": "1.1.1",
|
||||
"author": "Andrea Marchesini, Luke Crouch and Jonathan Kingston",
|
||||
"bugs": {
|
||||
"url": "https://github.com/mozilla/testpilot-containers/issues"
|
||||
|
|
@ -11,8 +11,9 @@
|
|||
"devDependencies": {
|
||||
"addons-linter": "^0.15.14",
|
||||
"deploy-txp": "^1.0.7",
|
||||
"eslint": "^3.12.2",
|
||||
"eslint": "^3.17.1",
|
||||
"eslint-plugin-promise": "^3.4.0",
|
||||
"eslint-plugin-unsafe-property-assignment": "^1.0.2",
|
||||
"htmllint-cli": "^0.0.5",
|
||||
"jpm": "^1.2.2",
|
||||
"npm-run-all": "^4.0.0",
|
||||
|
|
|
|||
|
|
@ -18,6 +18,42 @@ const P_CONTAINER_INFO = "containerInfo";
|
|||
const P_CONTAINER_EDIT = "containerEdit";
|
||||
const P_CONTAINER_DELETE = "containerDelete";
|
||||
|
||||
/**
|
||||
* Escapes any occurances of &, ", < or > with XML entities.
|
||||
*
|
||||
* @param {string} str
|
||||
* The string to escape.
|
||||
* @return {string} The escaped string.
|
||||
*/
|
||||
function escapeXML(str) {
|
||||
const replacements = {"&": "&", "\"": """, "'": "'", "<": "<", ">": ">"};
|
||||
return String(str).replace(/[&"''<>]/g, m => replacements[m]);
|
||||
}
|
||||
|
||||
/**
|
||||
* A tagged template function which escapes any XML metacharacters in
|
||||
* interpolated values.
|
||||
*
|
||||
* @param {Array<string>} strings
|
||||
* An array of literal strings extracted from the templates.
|
||||
* @param {Array} values
|
||||
* An array of interpolated values extracted from the template.
|
||||
* @returns {string}
|
||||
* The result of the escaped values interpolated with the literal
|
||||
* strings.
|
||||
*/
|
||||
function escaped(strings, ...values) {
|
||||
const result = [];
|
||||
|
||||
for (const [i, string] of strings.entries()) {
|
||||
result.push(string);
|
||||
if (i < values.length)
|
||||
result.push(escapeXML(values[i]));
|
||||
}
|
||||
|
||||
return result.join("");
|
||||
}
|
||||
|
||||
// This object controls all the panels, identities and many other things.
|
||||
const Logic = {
|
||||
_identities: [],
|
||||
|
|
@ -235,7 +271,7 @@ Logic.registerPanel(P_CONTAINERS_LIST, {
|
|||
tr.classList.add("container-panel-row");
|
||||
context.classList.add("userContext-wrapper", "open-newtab", "clickable");
|
||||
manage.classList.add("show-tabs", "pop-button");
|
||||
context.innerHTML = `
|
||||
context.innerHTML = escaped`
|
||||
<div class="userContext-icon-wrapper open-newtab">
|
||||
<div class="userContext-icon"
|
||||
data-identity-icon="${identity.image}"
|
||||
|
|
@ -378,7 +414,7 @@ Logic.registerPanel(P_CONTAINER_INFO, {
|
|||
const tr = document.createElement("tr");
|
||||
fragment.appendChild(tr);
|
||||
tr.classList.add("container-info-tab-row");
|
||||
tr.innerHTML = `
|
||||
tr.innerHTML = escaped`
|
||||
<td><img class="icon" src="${tab.favicon}" /></td>
|
||||
<td class="container-info-tab-title">${tab.title}</td>`;
|
||||
|
||||
|
|
@ -422,7 +458,7 @@ Logic.registerPanel(P_CONTAINERS_EDIT, {
|
|||
const tr = document.createElement("tr");
|
||||
fragment.appendChild(tr);
|
||||
tr.classList.add("container-panel-row");
|
||||
tr.innerHTML = `
|
||||
tr.innerHTML = escaped`
|
||||
<td class="userContext-wrapper">
|
||||
<div class="userContext-icon-wrapper">
|
||||
<div class="userContext-icon"
|
||||
|
|
@ -509,25 +545,27 @@ Logic.registerPanel(P_CONTAINER_EDIT, {
|
|||
|
||||
initializeRadioButtons() {
|
||||
const colorRadioTemplate = (containerColor) => {
|
||||
return `<input type="radio" value="${containerColor}" name="container-color" id="edit-container-panel-choose-color-${containerColor}" />
|
||||
return escaped`<input type="radio" value="${containerColor}" name="container-color" id="edit-container-panel-choose-color-${containerColor}" />
|
||||
<label for="edit-container-panel-choose-color-${containerColor}" class="usercontext-icon choose-color-icon" data-identity-icon="circle" data-identity-color="${containerColor}">`;
|
||||
};
|
||||
const colors = ["blue", "turquoise", "green", "yellow", "orange", "red", "pink", "purple" ];
|
||||
const colorRadioFieldset = document.getElementById("edit-container-panel-choose-color");
|
||||
colors.forEach((containerColor) => {
|
||||
const templateInstance = document.createElement("span");
|
||||
// eslint-disable-next-line unsafe-property-assignment/enforce-tagged-template-protection
|
||||
templateInstance.innerHTML = colorRadioTemplate(containerColor);
|
||||
colorRadioFieldset.appendChild(templateInstance);
|
||||
});
|
||||
|
||||
const iconRadioTemplate = (containerIcon) => {
|
||||
return `<input type="radio" value="${containerIcon}" name="container-icon" id="edit-container-panel-choose-icon-${containerIcon}" />
|
||||
return escaped`<input type="radio" value="${containerIcon}" name="container-icon" id="edit-container-panel-choose-icon-${containerIcon}" />
|
||||
<label for="edit-container-panel-choose-icon-${containerIcon}" class="usercontext-icon choose-color-icon" data-identity-color="grey" data-identity-icon="${containerIcon}">`;
|
||||
};
|
||||
const icons = ["fingerprint", "briefcase", "dollar", "cart", "vacation", "gift", "food", "fruit", "pet", "tree", "chill", "circle"];
|
||||
const iconRadioFieldset = document.getElementById("edit-container-panel-choose-icon");
|
||||
icons.forEach((containerIcon) => {
|
||||
const templateInstance = document.createElement("span");
|
||||
// eslint-disable-next-line unsafe-property-assignment/enforce-tagged-template-protection
|
||||
templateInstance.innerHTML = iconRadioTemplate(containerIcon);
|
||||
iconRadioFieldset.appendChild(templateInstance);
|
||||
});
|
||||
|
|
|
|||
|
|
@ -1,7 +1,7 @@
|
|||
{
|
||||
"manifest_version": 2,
|
||||
"name": "Containers Experiment",
|
||||
"version": "1.1.0",
|
||||
"version": "1.1.1",
|
||||
|
||||
"description": "Containers works by isolating cookie jars using separate origin-attributes defined visually by colored ‘Container Tabs’. This add-on is a modified version of the containers feature for Firefox Test Pilot.",
|
||||
"icons": {
|
||||
|
|
|
|||
Loading…
Add table
Reference in a new issue