Fixing html injection in data fileds

pull/3/head
Davide Bongiovanni 8 years ago
parent bbdeffed65
commit ff1d42defd

@ -188,77 +188,103 @@ function show_part_info(partID) {
});
}
function perform_query() {
var query = $('.search-bar').val();
var filter = 0;
if($('#type').is(':checked'))
filter += 1;
if($('#partno').is(':checked'))
filter += 2 + 4 + 8;
if($('#description').is(':checked'))
filter += 16;
if($('#notes').is(':checked'))
filter += 32;
$.getJSON('https://www.elab.kth.se/parts/query/' + filter + '/' + query, function(data) {
var newResults = $('<div class="results"></div>');
for(var i = 0; i < data.length; i++) { // Create new view for results
var newRow = $('<div class="reults-row"></div>');
var newClicker = $('<a href="#" onclick="show_part_info(' + data[i].id + ')"></a>');
newClicker.append($('<div class="results-block"></div>').text(text_filter(data[i].block)));
newClicker.append($('<div class="results-type"></div>').text(text_filter(data[i].type)));
newClicker.append($('<div class="results-partno"></div>').text(text_filter(data[i].partno)));
newClicker.append($('<div class="results-description"></div>').text(text_filter(data[i].description)));
var notes = $('<div class="results-notes"></div>');
if (data[i].notes != null && data[i].notes.length > 0) {
var icon = $('<i class="fa fa-sticky-note"></i>');
var tooltipText = $('<div class="tooltiptext"');
var tooltip = $('<div class="tooltip"></div>');
tooltip.append(icon, tooltipText);
notes.append(tooltip);
}
newClicker.append(notes);
newClicker.append($('<div class="results-datasheet"></div>')
.html('<a href="https://www.elab.kth.se/parts/getfile/'
+ data[i].datasheet.substring(0, data[i].datasheet.length - 4)
+ '"><i class="fa fa-file-text" aria-hidden="true"></i></a>'));
newRow.append(newClicker);
newResults.append(newRow);
/*newResults += '<div class="results-datasheet">';
if (data[i].datasheet != null)
newResults += '<a href="https://www.elab.kth.se/parts/getfile/' + data[i].datasheet.substring(0, data[i].datasheet.length - 4) + '"><i class="fa fa-file-text" aria-hidden="true"></i></a>';
newResults += '</div>';*/
//newResults += '<div class="results-row">';
//newResults += '<a href=# onclick="show_part_info(' + data[i].id + ')">'
/*newResults += '<div class="results-block">';
if (data[i].block != null)
newResults += data[i].block;
newResults += '</div>';*/
/*newResults += '<div class="results-type">';
if (data[i].type != null)
newResults += data[i].type;
newResults += '</div>';*/
/*newResults += '<div class="results-partno">';
if (data[i].partno != null)
newResults += data[i].partno;
newResults += '</div>';*/
/*newResults += '<div class="results-description">';
if (data[i].description != null)
newResults += data[i].description;
newResults += '</div>';*/
/*newResults += '<div class="results-notes">';
if (data[i].notes != null && data[i].notes.length > 0)
newResults += '<div class="tooltip"><i class="fa fa-sticky-note"></i><span class="tooltiptext">' + data[i].notes + '</span></div>';
//newResults += data[i].notes;
newResults += '</div>';*/
//newResults += '</a>'
//newResults += '</div>';
}
//newResults += '</div>';
if(data.length == 0) {
newResults = '<div class="results">';
newResults += '<h3>No results.</h3>';
newResults += '</div>';
}
$('.results').replaceWith(newResults);
}).fail(function() {
var newResults = '<div class="results">';
newResults += '<h3>No results.</h3>';
newResults += '</div>';
$('.results').replaceWith(newResults);
console.log( "Query failed" );
});
}
$(document).ready(function() {
$.ajaxSetup({ cache: false });
$('.search-bar').on('keyup', function() {
var query = $('.search-bar').val();
var filter = 0;
if($('#type').is(':checked'))
filter += 1;
if($('#partno').is(':checked'))
filter += 2 + 4 + 8;
if($('#description').is(':checked'))
filter += 16;
if($('#notes').is(':checked'))
filter += 32;
$.getJSON('https://www.elab.kth.se/parts/query/' + filter + '/' + query, function(data) {
var newResults = '<div class="results">';
for(var i = 0; i < data.length; i++) { // Create new view for results
newResults += '<div class="results-row">';
newResults += '<a href=# onclick="show_part_info(' + data[i].id + ')">'
newResults += '<div class="results-block">';
if (data[i].block != null)
newResults += data[i].block;
newResults += '</div>';
newResults += '<div class="results-type">';
if (data[i].type != null)
newResults += data[i].type;
newResults += '</div>';
newResults += '<div class="results-partno">';
if (data[i].partno != null)
newResults += data[i].partno;
newResults += '</div>';
newResults += '<div class="results-description">';
if (data[i].description != null)
newResults += data[i].description;
newResults += '</div>';
newResults += '<div class="results-notes">';
if (data[i].notes != null && data[i].notes.length > 0)
newResults += '<div class="tooltip"><i class="fa fa-sticky-note"></i><span class="tooltiptext">' + data[i].notes + '</span></div>';
//newResults += data[i].notes;
newResults += '</div>';
newResults += '<div class="results-datasheet">';
if (data[i].datasheet != null)
newResults += '<a href="https://www.elab.kth.se/parts/getfile/' + data[i].datasheet.substring(0, data[i].datasheet.length - 4) + '"><i class="fa fa-file-text" aria-hidden="true"></i></a>';
newResults += '</div>';
newResults += '</a>'
newResults += '</div>';
}
newResults += '</div>';
if(data.length == 0) {
newResults = '<div class="results">';
newResults += '<h3>No results.</h3>';
newResults += '</div>';
}
$('.results').replaceWith(newResults);
}).fail(function() {
var newResults = '<div class="results">';
newResults += '<h3>No results.</h3>';
newResults += '</div>';
$('.results').replaceWith(newResults);
console.log( "Query failed" );
});
perform_query();
});
$('.toggle-btn').on('change', function() {
// Re-perform query
perform_query();
});
//$('.results-row').on('click', );
});
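Review bot: Two places in the rebuilt results row still splice server data into HTML source, so the injection this commit targets is only partly closed: the `onclick="show_part_info(' + data[i].id + ')"` attribute on `newClicker`, and the `.html('<a href="…' + data[i].datasheet.substring(…) + '">…')` datasheet link. If `id` or `datasheet` ever carries a quote or `</a>`, it lands in an event-handler attribute or raw markup exactly as the old string-built rows did; binding the click with `.on('click', { id: data[i].id }, …)` (jQuery event data, which also avoids the `var`-in-loop closure trap) and setting the href with `.attr('href', …)` lets jQuery do the escaping, as in the fenced rewrite. The datasheet line also dereferences `data[i].datasheet` without the `!= null` guard the commented-out version had, so a single row without a datasheet throws inside the loop and aborts rendering of every result, and `$('<div class="tooltiptext"')` is missing its closing `>` and never receives `data[i].notes`, so notes appear to no longer render (the old `<span class="tooltiptext">` carried them). Separately, `query` is concatenated into the request path unencoded, so `encodeURIComponent(query)` is needed to stop a `/`, `?` or `#` typed by the user from changing the route. `show_part_info` and `text_filter` are defined outside the hunk, so I am assuming `text_filter` only normalizes nulls; `.text()` is what escapes here, and `text_filter` must not be relied on for that.

```javascript
$.getJSON('https://www.elab.kth.se/parts/query/' + filter + '/' + encodeURIComponent(query), function(data) {
var newResults = $('<div class="results"></div>');
for(var i = 0; i < data.length; i++) { // Create new view for results
var newRow = $('<div class="reults-row"></div>');
// Bind the handler instead of writing the id into an onclick attribute;
// jQuery event data pins the id per row without a closure over `i`.
var newClicker = $('<a href="#"></a>').on('click', { id: data[i].id }, function(e) {
e.preventDefault();
show_part_info(e.data.id);
});
// … unchanged: block/type/partno/description cells via .text(text_filter(...)) …
var notes = $('<div class="results-notes"></div>');
if (data[i].notes != null && data[i].notes.length > 0) {
var icon = $('<i class="fa fa-sticky-note"></i>');
var tooltipText = $('<div class="tooltiptext"></div>').text(data[i].notes);
var tooltip = $('<div class="tooltip"></div>');
tooltip.append(icon, tooltipText);
notes.append(tooltip);
}
newClicker.append(notes);
var datasheet = $('<div class="results-datasheet"></div>');
if (data[i].datasheet != null) {
var fileName = data[i].datasheet.substring(0, data[i].datasheet.length - 4);
datasheet.append($('<a></a>')
.attr('href', 'https://www.elab.kth.se/parts/getfile/' + fileName)
.append($('<i class="fa fa-file-text" aria-hidden="true"></i>')));
}
newClicker.append(datasheet);
// … unchanged: row assembly, empty-results and fail handlers …
```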
