web: escape or remove invalid character in xml

author: Kazuki Yamaguchi <k@rhe.jp> 2015-04-18 17:57:58 +0900
committer: Kazuki Yamaguchi <k@rhe.jp> 2015-04-18 17:57:58 +0900
commit: 925b2dfe5e0bf41c26f0e0bf9bb14bb351b7a0bb (patch)
tree: 0922cb37eec8892b17e4f4a8da1379b3e049973c /app/assets
parent: 90b918943f7b2fb03762627efde9ceff1dc8c9f3 (diff)
download: aclog-925b2dfe5e0bf41c26f0e0bf9bb14bb351b7a0bb.tar.gz
2 files changed, 4 insertions, 1 deletions
diff --git a/app/assets/javascripts/_init.coffee b/app/assets/javascripts/_init.coffee
index 96b1a17..46145f8 100644
--- a/app/assets/javascripts/_init.coffee
+++ b/app/assets/javascripts/_init.coffee
@@ -1,6 +1,9 @@
 Vue.config.prefix = "data-v-"
 Vue.filter "toLocaleString", (string) ->
   new Date(string).toLocaleString()
+Vue.filter "removeInvalidCharacters", (str) ->
+  # JavaScript is kuso: http://www.w3.org/TR/xml/#charsets
+  str.replace(/[\x00-\x08\x0B\x0C\x0E-\x1F]/gm, "")
 
 if window.Views is undefined
   window.Views = {}
diff --git a/app/assets/javascripts/tweets.coffee.erb b/app/assets/javascripts/tweets.coffee.erb
index c44c492..cd40568 100644
--- a/app/assets/javascripts/tweets.coffee.erb
+++ b/app/assets/javascripts/tweets.coffee.erb
@@ -23,7 +23,7 @@ Views.tweets =
       filters:
         formatSource: (str) ->
           if /^<a href="([^"]+?)" rel="nofollow">([^<>]+?)<\/a>$/.test(str)
-            str
+            str.replace(/&/g, "&amp;")
           else
             str.replace(/&/g, "&amp;").replace(/</g, "&lt;").replace(/>/g, "&gt;")
         formatText: (str) ->
author	Kazuki Yamaguchi <k@rhe.jp>	2015-04-18 17:57:58 +0900
committer	Kazuki Yamaguchi <k@rhe.jp>	2015-04-18 17:57:58 +0900
commit	925b2dfe5e0bf41c26f0e0bf9bb14bb351b7a0bb (patch)
tree	0922cb37eec8892b17e4f4a8da1379b3e049973c /app/assets
parent	90b918943f7b2fb03762627efde9ceff1dc8c9f3 (diff)
download	aclog-925b2dfe5e0bf41c26f0e0bf9bb14bb351b7a0bb.tar.gz