removed use of strip_tags and using String library instead

2025-11-01 19:46:01 +01:00 · 2013-12-26 21:10:26 -05:00
parent 2c6bf93eb5
commit b52782deb8
9 changed files with 15 additions and 31 deletions
--- a/public/src/app.js
+++ b/public/src/app.js
@@ -178,17 +178,6 @@ var socket,
 		return text.replace(/(\d)(?=(\d\d\d)+(?!\d))/g, "$1,");
 	};
 	// Willingly stolen from: http://phpjs.org/functions/strip_tags/
 	app.strip_tags = function (input, allowed) {
 		allowed = (((allowed || "") + "").toLowerCase().match(/<[a-z][a-z0-9]*>/g) || []).join(''); // making sure the allowed arg is a string containing only tags in lowercase (<a><b><c>)
 		var tags = /<\/?([a-z][a-z0-9]*)\b[^>]*>/gi,
 			commentsAndPhpTags = /<!--[\s\S]*?-->|<\?(?:php)?[\s\S]*?\?>/gi;
 		return input.replace(commentsAndPhpTags, '').replace(tags, function ($0, $1) {
 			return allowed.indexOf('<' + $1.toLowerCase() + '>') > -1 ? $0 : '';
 		});
 	};
 	// use unique alert_id to have multiple alerts visible at a time, use the same alert_id to fade out the current instance
 	// type : error, success, info, warning/notify
 	// title = bolded title text
--- a/public/src/modules/chat.js
+++ b/public/src/modules/chat.js
@@ -1,4 +1,4 @@
-define(['taskbar'], function(taskbar) {
+define(['taskbar', 'string'], function(taskbar, S) {
 	var module = {};
@@ -139,7 +139,7 @@ define(['taskbar'], function(taskbar) {
 	}
 	function sendMessage(chatModal) {
-		var msg = app.strip_tags(chatModal.find('#chat-message-input').val());
+		var msg = S(chatModal.find('#chat-message-input').val()).stripTags().s;
 		if(msg.length) {
 			msg = msg +'\n';
 			socket.emit('api:chats.send', { touid:chatModal.touid, message:msg});
--- a/public/src/modules/string.js
+++ b/public/src/modules/string.js
--- a/public/src/utils.js
+++ b/public/src/utils.js
@@ -123,18 +123,6 @@
 		isPasswordValid: function(password) {
 			return password && password.indexOf(' ') === -1;
 		},
 		// Blatently stolen from: http://phpjs.org/functions/strip_tags/
 		'strip_tags': function(input, allowed) {
 			allowed = (((allowed || "") + "").toLowerCase().match(/<[a-z][a-z0-9]*>/g) || []).join(''); // making sure the allowed arg is a string containing only tags in lowercase (<a><b><c>)
 			var tags = /<\/?([a-z][a-z0-9]*)\b[^>]*>/gi,
 				commentsAndPhpTags = /<!--[\s\S]*?-->|<\?(?:php)?[\s\S]*?\?>/gi;
 			return input.replace(commentsAndPhpTags, '').replace(tags, function($0, $1) {
 				return allowed.indexOf('<' + $1.toLowerCase() + '>') > -1 ? $0 : '';
 			});
 		},
 		buildMetaTags: function(tagsArr) {
 			var tags = '',
 				tag;
--- a/src/posts.js
+++ b/src/posts.js
@@ -15,7 +15,8 @@ var db = require('./database'),
 	nconf = require('nconf'),
 	validator = require('validator'),
 	winston = require('winston'),
-	gravatar = require('gravatar');
+	gravatar = require('gravatar'),
 	S = require('string');
 (function(Posts) {
 	var customUserInfo = {};
@@ -294,7 +295,7 @@ var db = require('./database'),
 							}
 							if(stripTags) {
-								postData.content = utils.strip_tags(content);
+								postData.content = S(content).stripTags().s;
 							} else {
 								postData.content = content;
 							}
--- a/src/topics.js
+++ b/src/topics.js
@@ -2,6 +2,7 @@ var async = require('async'),
 	gravatar = require('gravatar'),
 	nconf = require('nconf'),
 	validator = require('validator'),
 	S = require('string'),
 	db = require('./database'),
 	posts = require('./posts'),
@@ -826,7 +827,7 @@ var async = require('async'),
 					if (postData.content) {
 						stripped = postData.content.replace(/>.+\n\n/, '');
 						postTools.parse(stripped, function(err, stripped) {
-							returnObj.text = utils.strip_tags(stripped);
+							returnObj.text = S(stripped).stripTags().s;
 							callback(null, returnObj);
 						});
 					} else {
--- a/src/user.js
+++ b/src/user.js
@@ -6,6 +6,7 @@ var bcrypt = require('bcrypt'),
 	gravatar = require('gravatar'),
 	check = require('validator').check,
 	sanitize = require('validator').sanitize,
 	S = require('string'),
 	utils = require('./../public/src/utils'),
 	plugins = require('./plugins'),
@@ -266,7 +267,7 @@ var bcrypt = require('bcrypt'),
 					});
 					return;
 				} else if (field === 'signature') {
-					data[field] = utils.strip_tags(data[field]);
+					data[field] = S(data[field]).stripTags().s;
 				} else if (field === 'website') {
 					if(data[field].substr(0, 7) !== 'http://' && data[field].substr(0, 8) !== 'https://') {
 						data[field] = 'http://' + data[field];
--- a/src/webserver.js
+++ b/src/webserver.js
@@ -510,7 +510,7 @@ var path = require('path'),
 					var lastMod = 0,
 						sanitize = validator.sanitize,
 						description = (function() {
-							var	content = S(topicData.posts[0].content).stripTags();
+							var	content = S(topicData.posts[0].content).stripTags().s;
 							if (content.length > 255) {
 								content = content.substr(0, 255) + '...';
--- a/src/websockets.js
+++ b/src/websockets.js
@@ -8,6 +8,7 @@ var cookie = require('cookie'),
 	nconf = require('nconf'),
 	gravatar = require('gravatar'),
 	winston = require('winston'),
 	S = require('string'),
 	db = require('./database'),
@@ -712,7 +713,7 @@ websockets.init = function(io) {
 				return;
 			}
-			var msg = utils.strip_tags(data.message);
+			var msg = S(data.message).stripTags().s;
 			user.getMultipleUserFields([uid, touid], ['username'], function(err, usersData) {
 				if(err) {