From 0c80119479c2ac29312d4ca498a1582f0b92af03 Mon Sep 17 00:00:00 2001
From: Stephen Williams
Date: Thu, 18 May 2017 12:24:49 -0400
Subject: [PATCH 1/3] refactor `cleanInput` utilitiy method to prevent double encoding
---
 js/utilities.js | 19 ++++++++++---------
 1 file changed, 10 insertions(+), 9 deletions(-)
diff --git a/js/utilities.js b/js/utilities.js
index d0a305b65..f9bb82ef5 100644
--- a/js/utilities.js
+++ b/js/utilities.js
@@ -53,16 +53,18 @@
 var isUpArrow = isKey(CONST.UP_ARROW_KEYCODE);
 var isDownArrow = isKey(CONST.DOWN_ARROW_KEYCODE);
- // https://github.com/ExactTarget/fuelux/issues/1841
- var xssRegex = /<.*>/;
- var cleanInput = function cleanInput (questionableInput) {
- var cleanedInput = questionableInput;
-
- if (xssRegex.test(cleanedInput)) {
- cleanedInput = $('').text(questionableInput).html();
+ var ENCODED_REGEX = /&[^\s]*;/;
+ /*
+ * to prevent double encoding decodes content in loop until content is encoding free
+ */
+ var cleanInput = function cleanInput (questionableMarkup) {
+ // check for encoding and decode
+ while (ENCODED_REGEX.test(questionableMarkup)) {
+ questionableMarkup = $('').html(questionableMarkup).text();
 }
- return cleanedInput;
+ // string completely decoded now encode it
+ return $('').text(questionableMarkup).html();
 };
 $.fn.utilities = {
@@ -79,4 +81,3 @@
 // -- BEGIN UMD WRAPPER AFTERWORD --
 }));
 // -- END UMD WRAPPER AFTERWORD --
-
From 9b127176c44f5842611937be8f0d9c9139bae529 Mon Sep 17 00:00:00 2001
From: Stephen Williams
Date: Sat, 10 Jun 2017 11:55:20 -0400
Subject: [PATCH 2/3] added eslint dependencies for better ide (atom) lint integration
---
 package.json | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/package.json b/package.json
index 205c9389d..d62349793 100644
--- a/package.json
+++ b/package.json
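Review bot: The `while (ENCODED_REGEX.test(questionableMarkup))` loop never terminates when the input holds an entity-like token the parser leaves undecoded: `R&D;` or `&nosuchentity;` comes back byte-identical from `.html(...).text()`, still matches `/&[^\s]*;/`, and the page hangs, so the loop should stop when a pass changes nothing rather than when the regex stops matching. The decode step also parses attacker-controlled text as real markup into a jQuery element, which is a regression from the old `.text(...).html()`-only path: child elements created during that parse can run their attribute handlers even while detached (an image element's error handler is the usual example), so decoding should go through a textarea, whose content is parsed as text and never becomes elements. The element literal in `$('')` appears empty as rendered here, presumably a tag lost in extraction, so the rewrite below names explicit `<textarea>`/`<div>` elements. The enclosing UMD factory starts and ends outside the hunk.
```javascript
	var decodeEntitiesOnce = function decodeEntitiesOnce (markup) {
		// textarea content is parsed as text: entities are decoded but no
		// child elements (and so no attribute handlers) are ever created
		var textarea = document.createElement('textarea');
		textarea.innerHTML = markup;
		return textarea.value;
	};
	var cleanInput = function cleanInput (questionableMarkup) {
		var decoded = questionableMarkup;
		var previous;
		// decode until a pass leaves the string unchanged; an undecodable
		// token such as "&foo;" never changes, so a regex-driven loop
		// would never exit on it
		do {
			previous = decoded;
			decoded = decodeEntitiesOnce(previous);
		} while (decoded !== previous);
		// fully decoded, now encode exactly once
		return $('<div/>').text(decoded).html();
	};
```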
@@ -8,7 +8,9 @@
 "url": "https://github.com/ExactTarget/fuelux/issues"
 },
 "dependencies": {
+ "babel-eslint": "^7.2.3",
 "bootstrap": "3.3.7",
+ "eslint-plugin-react": "^7.0.1",
 "jquery": "3.2.1",
 "moment": "2.18.1"
 },
From 0a30d81e1e1570c1e7052af5d1f31d2450618724 Mon Sep 17 00:00:00 2001
From: Stephen Williams
Date: Sat, 10 Jun 2017 11:59:40 -0400
Subject: [PATCH 3/3] add tests for utilities object and cleanup method
---
 test/tests.js | 1 +
 test/utilities-test.js | 41 +++++++++++++++++++++++++++++++++++++++++
 2 files changed, 42 insertions(+)
 create mode 100644 test/utilities-test.js
diff --git a/test/tests.js b/test/tests.js
index dbca99213..2bcb57402 100644
--- a/test/tests.js
+++ b/test/tests.js
@@ -60,4 +60,5 @@ define(function testWrapper (require) {
 require('./test/picker-test');
 require('./test/tree-test');
 require('./test/wizard-test');
+ require('./test/utilities-test');
 });
diff --git a/test/utilities-test.js b/test/utilities-test.js
new file mode 100644
index 000000000..ef39bb2e4
--- /dev/null
+++ b/test/utilities-test.js
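Review bot: `babel-eslint` and `eslint-plugin-react` are added under `"dependencies"` next to the library's runtime packages, yet the subject says they exist for editor lint integration and nothing in the library imports them, so every consumer's install would pull both packages and their transitive trees for no runtime benefit and with a wider supply-chain exposure. Move the two lines into `"devDependencies"` (that block is outside the hunk, so its presence is inferred). The existing runtime entries are pinned exactly (`"bootstrap": "3.3.7"`) while the new ones use caret ranges (`"^7.2.3"`, `"^7.0.1"`); follow whichever convention the devDependencies block already uses.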
@@ -0,0 +1,41 @@
+define( function utilitiesTestModule(require) {
+ var QUnit = require('qunit');
+ var $ = require('jquery');
+
+ require('fuelux/utilities');
+
+ QUnit.module( 'Fuel UX Utilities', function utilitiesTests() {
+ QUnit.test( 'should be defined on jquery object', function utilitiesObjectDefinedTest( assert ) {
+ assert.equal(typeof $().utilities, 'object', 'utilities object is defined' );
+ });
+
+ QUnit.module( 'cleanInput Method', {
+ beforeEach: function beforeEachUtilitiesCleanInputTests() {
+ this.utilities = $().utilities;
+ this.cleanInput = this.utilities.cleanInput;
+ }
+ }, function utilitiesCleanInputTests() {
+ QUnit.test( 'should be defined on utilities object', function cleanInputMethodDefinedTest( assert ) {
+ assert.equal(typeof this.utilities.cleanInput, 'function', 'cleanInput function is defined' );
+ });
+
+ QUnit.test( 'should encode strings', function cleanInputMethodEncodeTest( assert ) {
+ var dirtyString = '