public-mirrors/NewsBlur
1
0
Fork 0
mirror of https://github.com/samuelclay/NewsBlur.git synced 2025-08-31 21:41:33 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

Newsletter authors no longer get escaped server-side. The web should know how to escape.

Browse source
This commit is contained in:
Samuel Clay 2016-02-25 15:31:07 -08:00
parent 5dcfc20a84
commit d05f0fe162
4 changed files with 10 additions and 5 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
apps/newsletters/models.py
View file

@ -61,7 +61,7 @@ class EmailNewsletter:
"story_date": datetime.datetime.fromtimestamp(int(params['timestamp'])), "story_date": datetime.datetime.fromtimestamp(int(params['timestamp'])),
"story_title": params['subject'], "story_title": params['subject'],
"story_content": story_content, "story_content": story_content,
"story_author_name": escape(params['from']), "story_author_name": params['from'],
"story_permalink": reverse('newsletter-story', "story_permalink": reverse('newsletter-story',
kwargs={'story_hash': story_hash}), kwargs={'story_hash': story_hash}),
"story_guid": params['signature'], "story_guid": params['signature'],

5
media/js/newsblur/models/stories.js
View file

@ -47,6 +47,11 @@ NEWSBLUR.Models.Story = Backbone.Model.extend({
} }
}, },
story_authors: function() {
return this.get('story_authors').replace(/</g, '&lt;')
.replace(/>/g, '&gt;');
},
formatted_short_date: function() { formatted_short_date: function() {
var timestamp = this.get('story_timestamp'); var timestamp = this.get('story_timestamp');
var dateformat = NEWSBLUR.assets.preference('dateformat'); var dateformat = NEWSBLUR.assets.preference('dateformat');

4
media/js/newsblur/views/story_detail_view.js
View file

@ -170,11 +170,11 @@ NEWSBLUR.Views.StoryDetailView = Backbone.View.extend({
<% } %>\ <% } %>\
<%= story.formatted_long_date() %>\ <%= story.formatted_long_date() %>\
</div>\ </div>\
<% if (story.get("story_authors")) { %>\ <% if (story.story_authors()) { %>\
<div class="NB-feed-story-author-wrapper">\ <div class="NB-feed-story-author-wrapper">\
<span class="NB-middot">&middot;</span>\ <span class="NB-middot">&middot;</span>\
<span class="NB-feed-story-author <% if (authors_score) { %>NB-score-<%= authors_score %><% } %>">\ <span class="NB-feed-story-author <% if (authors_score) { %>NB-score-<%= authors_score %><% } %>">\
<%= story.get("story_authors") %>\ <%= story.story_authors() %>\
</span>\ </span>\
</div>\ </div>\
<% } %>\ <% } %>\

4
media/js/newsblur/views/story_title_view.js
View file

@ -64,7 +64,7 @@ NEWSBLUR.Views.StoryTitleView = Backbone.View.extend({
<div class="NB-storytitles-star"></div>\ <div class="NB-storytitles-star"></div>\
<div class="NB-storytitles-share"></div>\ <div class="NB-storytitles-share"></div>\
<span class="NB-storytitles-title"><%= story.get("story_title") %></span>\ <span class="NB-storytitles-title"><%= story.get("story_title") %></span>\
<span class="NB-storytitles-author"><%= story.get("story_authors") %></span>\ <span class="NB-storytitles-author"><%= story.story_authors() %></span>\
<% if (show_content_preview) { %>\ <% if (show_content_preview) { %>\
<div class="NB-storytitles-content-preview"><%= show_content_preview %></div>\ <div class="NB-storytitles-content-preview"><%= show_content_preview %></div>\
<% } %>\ <% } %>\
@ -110,7 +110,7 @@ NEWSBLUR.Views.StoryTitleView = Backbone.View.extend({
</a>\ </a>\
</div>\ </div>\
<div class="NB-storytitles-grid-bottom">\ <div class="NB-storytitles-grid-bottom">\
<span class="NB-storytitles-author"><%= story.get("story_authors") %></span>\ <span class="NB-storytitles-author"><%= story.story_authors() %></span>\
<span class="story_date NB-hidden-fade"><%= story.formatted_short_date() %></span>\ <span class="story_date NB-hidden-fade"><%= story.formatted_short_date() %></span>\
</div>\ </div>\
<% if (story.get("comment_count_friends")) { %>\ <% if (story.get("comment_count_friends")) { %>\