kenmirrors/freeswitch
1
0
Fork 0
mirror of https://github.com/signalwire/freeswitch.git synced 2025-04-14 16:15:04 +00:00
Code Issues Projects Releases Wiki Activity

clean up some injection issues in chat display

Browse Source
This commit is contained in:
root 2014-08-25 18:41:58 -04:00
parent e627422f3d
commit 15d7706f8f
1 changed files with 64 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

67
html5/verto/demo/verto.js
View File

@ -76,6 +76,54 @@ function check_vid() {
return use_vid; return use_vid;
} }
function messageTextToJQ(body) {
// Builds a jQuery collection from body text, linkifies http/https links, imageifies http/https links to images, and doesn't allow script injection
var match, $link, img_url, $body_parts = $(), rx = /(https?:\/\/[^ \n\r]+|\n\r|\n|\r)/;
while ((match = rx.exec(body)) !== null) {
if (match.index !== 0) {
$body_parts = $body_parts.add(document.createTextNode(body.substr(0, match.index)));
}
if (match[0].match(/^(\n|\r|\n\r)$/)) {
// Make a BR from a newline
$body_parts = $body_parts.add($('<br />'));
body = body.substr(match.index + match[0].length);
} else {
// Make a link (or image)
$link = $('<a target="_blank" />').attr('href', match[0]);
if (match[0].search(/\.(gif|jpe?g|png)/) > -1) {
// Make an image
img_url = match[0];
// Handle dropbox links
if (img_url.indexOf('dropbox.com') !== -1) {
if (img_url.indexOf('?dl=1') === -1 && img_url.indexOf('?dl=0') === -1) {
img_url += '?dl=1';
} else if (img_url.indexOf('?dl=0') !== -1) {
img_url = img_url.replace(/dl=0$/, 'dl=1');
}
}
$link.append($('<img border="0" class="chatimg" />').attr('src', img_url));
} else {
// Make a link
$link.text(match[0]);
}
body = body.substr(match.index + match[0].length);
$body_parts = $body_parts.add($link);
}
}
if (body) {
$body_parts = $body_parts.add(document.createTextNode(body));
}
return $body_parts;
} // END function messageTextToJQ
var callbacks = { var callbacks = {
onMessage: function(verto, dialog, msg, data) { onMessage: function(verto, dialog, msg, data) {
@ -114,6 +162,9 @@ var callbacks = {
case $.verto.enum.message.info: case $.verto.enum.message.info:
var body = data.body; var body = data.body;
/*
// This section has been replaced with messageTextToJQ function
if (body.match(/\.gif|\.jpg|\.jpeg|\.png/)) { if (body.match(/\.gif|\.jpg|\.jpeg|\.png/)) {
var mod = ""; var mod = "";
if (body.match(/dropbox.com/)) { if (body.match(/dropbox.com/)) {
@ -129,11 +180,21 @@ var callbacks = {
} }
body = body.replace(/(?:\r\n|\r|\n)/g, '<br />'); body = body.replace(/(?:\r\n|\r|\n)/g, '<br />');
var from = data.from_msg_name || data.from; var from = data.from_msg_name || data.from;
$("#chatwin").append("<span class=chatuid>" + from + ":</span><br>" + body); $("#chatwin").append("<span class=chatuid>" + from + ":</span><br>" + body);
$('#chatwin').animate({"scrollTop": $('#chatwin')[0].scrollHeight}, "fast"); $('#chatwin').animate({"scrollTop": $('#chatwin')[0].scrollHeight}, "fast");
*/
var from = data.from_msg_name || data.from;
$('#chatwin')
.append($('<span class="chatuid" />').text(from + ':'))
.append($('<br />'))
.append(messageTextToJQ(body))
.append($('<br />'));
$('#chatwin').animate({"scrollTop": $('#chatwin')[0].scrollHeight}, "fast");
break; break;
case $.verto.enum.message.display: case $.verto.enum.message.display:
var party = dialog.params.remote_caller_id_name + "<" + dialog.params.remote_caller_id_number + ">"; var party = dialog.params.remote_caller_id_name + "<" + dialog.params.remote_caller_id_number + ">";