diff options
author | Kazuki Yamaguchi <k@rhe.jp> | 2015-04-18 17:57:58 +0900 |
---|---|---|
committer | Kazuki Yamaguchi <k@rhe.jp> | 2015-04-18 17:57:58 +0900 |
commit | 925b2dfe5e0bf41c26f0e0bf9bb14bb351b7a0bb (patch) | |
tree | 0922cb37eec8892b17e4f4a8da1379b3e049973c /app/assets | |
parent | 90b918943f7b2fb03762627efde9ceff1dc8c9f3 (diff) | |
download | aclog-925b2dfe5e0bf41c26f0e0bf9bb14bb351b7a0bb.tar.gz |
web: escape or remove invalid character in xml
Diffstat (limited to 'app/assets')
-rw-r--r-- | app/assets/javascripts/_init.coffee | 3 | ||||
-rw-r--r-- | app/assets/javascripts/tweets.coffee.erb | 2 |
2 files changed, 4 insertions, 1 deletions
diff --git a/app/assets/javascripts/_init.coffee b/app/assets/javascripts/_init.coffee index 96b1a17..46145f8 100644 --- a/app/assets/javascripts/_init.coffee +++ b/app/assets/javascripts/_init.coffee @@ -1,6 +1,9 @@ Vue.config.prefix = "data-v-" Vue.filter "toLocaleString", (string) -> new Date(string).toLocaleString() +Vue.filter "removeInvalidCharacters", (str) -> + # JavaScript is kuso: http://www.w3.org/TR/xml/#charsets + str.replace(/[\x00-\x08\x0B\x0C\x0E-\x1F]/gm, "") if window.Views is undefined window.Views = {} diff --git a/app/assets/javascripts/tweets.coffee.erb b/app/assets/javascripts/tweets.coffee.erb index c44c492..cd40568 100644 --- a/app/assets/javascripts/tweets.coffee.erb +++ b/app/assets/javascripts/tweets.coffee.erb @@ -23,7 +23,7 @@ Views.tweets = filters: formatSource: (str) -> if /^<a href="([^"]+?)" rel="nofollow">([^<>]+?)<\/a>$/.test(str) - str + str.replace(/&/g, "&") else str.replace(/&/g, "&").replace(/</g, "<").replace(/>/g, ">") formatText: (str) -> |