fix, clean, optimize some html escaping

Niklas Fiekas 2019-04-22 12:30:08 +02:00
parent 25c2e4ee0c
commit 07ef73635e
11 changed files with 27 additions and 46 deletions


@ -6,7 +6,6 @@ import chess.{ Status => S, Color, Clock, Mode }
import controllers.routes
import lila.app.ui.ScalatagsTemplate._
import lila.common.String.frag.escapeHtml
import lila.game.{ Game, Player, Namer, Pov }
import lila.i18n.{ I18nKeys, enLang }
import lila.user.{ User, UserContext, Title }
@ -143,15 +142,10 @@ trait GameHelper { self: I18nHelper with UserHelper with AiHelper with StringHel
player.userId.flatMap(lightUser) match {
case None =>
val klass = cssClass.??(" " + _)
val content = (player.aiLevel, player.name) match {
case (Some(level), _) => aiNameFrag(level, withRating).render
case (_, Some(name)) => escapeHtml(name).render
case _ => User.anonymous
}
span(cls := s"user-link$klass")(
(player.aiLevel, player.name) match {
case (Some(level), _) => aiNameFrag(level, withRating).render
case (_, Some(name)) => escapeHtml(name).render
case (Some(level), _) => aiNameFrag(level, withRating)
case (_, Some(name)) => name
case _ => User.anonymous
},
statusIcon
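Review bot: Inside the `span(...)` children, `case (_, Some(name)) => name` is now a bare String, so escaping of the value taken from `player.name` depends entirely on scalatags lifting the String to an escaped text node at this call site. That appears correct here and removes the earlier `.render` round-trip, but the line no longer shows that any escaping happens. Writing `case (_, Some(name)) => StringFrag(name)`, as `teamIdToName` does in this same commit, or adding `// plain String: escaped by scalatags on render`, would keep the guarantee visible if the match is later moved out of a tag body. The `span(` call continues past the end of the hunk.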


@ -5,7 +5,6 @@ import controllers.routes
import lila.api.Context
import lila.app.ui.ScalatagsTemplate._
import lila.common.String.frag.escapeHtml
import lila.team.Env.{ current => teamEnv }
trait TeamHelper {
@ -15,7 +14,7 @@ trait TeamHelper {
def myTeam(teamId: String)(implicit ctx: Context): Boolean =
ctx.me.??(me => api.syncBelongsTo(teamId, me.id))
def teamIdToName(id: String): Frag = escapeHtml(api teamName id getOrElse id)
def teamIdToName(id: String): Frag = StringFrag(api.teamName(id).getOrElse(id))
def teamLink(id: String, withIcon: Boolean = true): Frag = a(
href := routes.Team.show(id),


@ -2,7 +2,6 @@ package lila.app
package ui
import lila.app.ui.ScalatagsTemplate._
import lila.common.base.StringUtils.escapeHtml
case class OpenGraph(
title: String,
@ -22,7 +21,7 @@ case class OpenGraph(
private def tag(name: String, value: String) = meta(
property := s"og:$name",
content := escapeHtml(value)
content := value
)
private val tupledTag = (tag _).tupled
@ -42,7 +41,7 @@ case class OpenGraph(
private def tag(name: String, value: String) = meta(
st.name := s"twitter:$name",
content := escapeHtml(value)
content := value
)
private val tupledTag = (tag _).tupled


@ -3,7 +3,6 @@ package views.html.base
import lila.api.Context
import lila.app.templating.Environment._
import lila.app.ui.ScalatagsTemplate._
import lila.common.String.html.escapeString
import lila.common.{ Lang, ContentSecurityPolicy }
import lila.pref.Pref
@ -54,24 +53,24 @@ object layout {
private def allNotifications(implicit ctx: Context) = spaceless(s"""<div>
<a id="challenge-toggle" class="toggle link">
<span title="${escapeString(trans.challenges.txt())}" class="data-count" data-count="${ctx.nbChallenges}" data-icon="U"></span>
<span title="${trans.challenges().render}" class="data-count" data-count="${ctx.nbChallenges}" data-icon="U"></span>
</a>
<div id="challenge-app" class="dropdown"></div>
</div>
<div>
<a id="notify-toggle" class="toggle link">
<span title="${escapeString(trans.notifications.txt())}" class="data-count" data-count="${ctx.nbNotifications}" data-icon=""</span>
<span title="${trans.notifications().render}" class="data-count" data-count="${ctx.nbNotifications}" data-icon=""</span>
</a>
<div id="notify-app" class="dropdown"></div>
</div>""")
private def anonDasher(playing: Boolean)(implicit ctx: Context) = spaceless(s"""<div class="dasher">
<a class="toggle link anon">
<span title="${escapeString(trans.preferences.txt())}" data-icon="%"</span>
<span title="${trans.preferences().render}" data-icon="%"</span>
</a>
<div id="dasher_app" class="dropdown" data-playing="$playing"></div>
</div>
<a href="${routes.Auth.login}?referrer=${ctx.req.path}" class="signin button">${escapeString(trans.signIn.txt()).render}</a>""")
<a href="${routes.Auth.login}?referrer=${ctx.req.path}" class="signin button">${trans.signIn().render}</a>""")
private val clinputLink = a(cls := "link")(span(dataIcon := "y"))
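Review bot: On the sign-in link in `anonDasher`, `ctx.req.path` is still interpolated into the `href` of a hand-built HTML string with neither attribute escaping nor URL encoding, even though this line is being rewritten. Everything inside the `s"""…"""` literal bypasses scalatags' escaping, so the request path is emitted as received; `?referrer=${java.net.URLEncoder.encode(ctx.req.path, "UTF-8")}` would keep quotes, `&` and `#` out of the attribute, assuming the login handler decodes the parameter in the usual way. The three `title="${trans.….render}"` attributes are likewise only safe if a rendered translation can never contain a double quote, which is not visible from this hunk and should be confirmed now that `escapeString` is gone. Separately, the `notify-toggle` and `anonDasher` spans read `data-icon=…"</span>` with no closing `>` on the opening tag.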


@ -34,7 +34,7 @@ object atom {
doc.getText("blog.shortlede"),
"<br>", // yes, scalatags encodes it.
doc.getImage("blog.image", "main").map { img =>
s"""<img src="${img.url}"/>"""
st.img(src := img.url).render
},
"<br>",
lila.blog.ProtocolFix.add(doc.getStructuredText("blog.body") ?? lila.blog.BlogApi.extract)


@ -5,7 +5,7 @@ import play.api.libs.json._
import scalatags.Text.all._
import lila.base.RawHtml
import lila.common.base.StringUtils.{ safeJsonString, escapeHtml => escapeHtmlRaw }
import lila.common.base.StringUtils.{ safeJsonString, escapeHtmlRaw }
final object String {
@ -60,12 +60,10 @@ final object String {
def nl2br(text: String): Frag = nl2brUnsafe(escapeHtmlRaw(text))
def escapeHtml(s: String): Frag = raw {
def escapeHtml(s: String): RawFrag = raw {
escapeHtmlRaw(s)
}
def escapeString(s: String): Frag = escapeHtmlRaw(s)
def markdownLinks(text: String): Frag = raw {
RawHtml.markdownLinks(text)
}
@ -87,11 +85,4 @@ final object String {
}
}
}
object frag {
def escapeHtml(s: String) = RawFrag {
escapeHtmlRaw(s)
}
}
}
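Review bot: `escapeHtml(s: String): RawFrag` has no doc comment stating its contract, and after this commit the word "raw" carries two opposite meanings in one small area. `escapeHtmlRaw` returns an escaped plain String, while `RawFrag` is the scalatags type that is emitted without escaping. A Scaladoc on `escapeHtml` such as `/** Escapes s exactly once and wraps it in a RawFrag so scalatags will not escape it again; only ever wrap already-escaped text this way. */` would make that explicit. A matching one-line comment on `nl2br` and `markdownLinks` should say that they escape their input before adding markup. The enclosing object starts outside the visible hunks, so which nested object holds `escapeHtml` is inferred from the imports elsewhere in the commit.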


@ -4,7 +4,7 @@ import scala.annotation.{ tailrec, switch }
import java.lang.{ StringBuilder => jStringBuilder, Math }
import java.lang.Character.isLetterOrDigit
import lila.common.base.StringUtils.escapeHtml
import lila.common.base.StringUtils.escapeHtmlRaw
final object RawHtml {
@inline implicit def toPimpedChars(i: Iterable[CharSequence]) = new PimpedChars(i)
@ -71,7 +71,7 @@ final object RawHtml {
expandAtUser(text) map { expanded =>
val m = urlPattern.matcher(expanded)
if (!m.find) escapeHtml(expanded) // preserve fast case!
if (!m.find) escapeHtmlRaw(expanded) // preserve fast case!
else {
val sb = new jStringBuilder(expanded.length + 200)
val sArr = expanded.toCharArray
@ -79,7 +79,7 @@ final object RawHtml {
do {
val start = m.start
escapeHtml(sb, sArr, lastAppendIdx, start)
escapeHtmlRaw(sb, sArr, lastAppendIdx, start)
val domainS = Math.max(m.start(1), start)
val pathS = m.start(2)
@ -104,7 +104,7 @@ final object RawHtml {
csb.append(sArr, pathS, end - pathS)
}
val allButScheme = escapeHtml(csb.toString)
val allButScheme = escapeHtmlRaw(csb.toString)
if (isTldInternal) {
sb.append(s"""<a href="${
@ -131,7 +131,7 @@ final object RawHtml {
lastAppendIdx = end
} while (m.find)
escapeHtml(sb, sArr, lastAppendIdx, sArr.length)
escapeHtmlRaw(sb, sArr, lastAppendIdx, sArr.length)
sb
}
} concat
@ -175,6 +175,6 @@ final object RawHtml {
private[this] val markdownLinkRegex = """\[([^]]++)\]\((https?://[^)]++)\)""".r
def markdownLinks(text: String): String = nl2br {
markdownLinkRegex.replaceAllIn(escapeHtml(text), """<a href="$2">$1</a>""")
markdownLinkRegex.replaceAllIn(escapeHtmlRaw(text), """<a href="$2">$1</a>""")
}
}


@ -17,11 +17,11 @@ public class StringUtils {
if (c >= ' ' && c <= '~') switch(c) {
case '<': case '>': case '&': case '"':
case '\'': case '\\': case '`':
break; // cur char is bad, escape it
break; // cur char is bad, escape it
default:
continue; // char is OK, continue scan.
continue; // char is ok, continue scan
}
// this code runs when char is either out of alphanumeric range OR
// This code runs when char is either out of alphanumeric range OR
// char is restricted.
if (sb == null) {
sb = new StringBuilder(c <= '~' ? len + 22 : len * 6 + 2);
@ -42,21 +42,21 @@ public class StringUtils {
return sb.toString();
}
public static String escapeHtml(final String s) {
public static String escapeHtmlRaw(final String s) {
final char[] sArr = s.toCharArray();
for (int i = 0, end = sArr.length; i < end; i++) {
switch (sArr[i]) {
case '<': case '>': case '&': case '"': case '\'':
final StringBuilder sb = new StringBuilder(end + 20);
sb.append(s, 0, i);
escapeHtml(sb, sArr, i, end);
escapeHtmlRaw(sb, sArr, i, end);
return sb.toString();
}
}
return s;
}
public static void escapeHtml(final StringBuilder sb, final char[] sArr,
public static void escapeHtmlRaw(final StringBuilder sb, final char[] sArr,
int start, final int end) {
for (int i = start; i < end; i++) {


@ -2,7 +2,7 @@ package lila.i18n
import scalatags.Text.all._
import lila.common.String.frag.escapeHtml
import lila.common.String.html.escapeHtml
private sealed trait Translation


@ -4,7 +4,6 @@ import scalatags.Text.all._
import lila.common.Lang
import lila.common.String.html.escapeHtml
import lila.common.String.frag.{ escapeHtml => escapeFrag }
object Translator {
@ -35,7 +34,7 @@ object Translator {
}
private def escapeArgs(args: Seq[Any]): Seq[RawFrag] = args.map {
case s: String => escapeFrag(s)
case s: String => escapeHtml(s)
case r: RawFrag => r
case a => RawFrag(a.toString)
}
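Review bot: The catch-all `case a => RawFrag(a.toString)` in `escapeArgs` emits any argument that is neither a String nor a RawFrag verbatim, with no escaping. This commit makes helpers such as `teamIdToName` return a `StringFrag` instead of a pre-escaped raw fragment. Such a value passed as a translation argument would land in that branch, and its `toString` is presumably not the escaped rendering (worth confirming against scalatags). Adding `case f: Frag => RawFrag(f.render)` between the `RawFrag` case and the catch-all would render fragments through their own escaping and leave the fallback for numbers and similar values.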


@ -193,7 +193,7 @@ final class TeamApi(
def owns(teamId: String, userId: String): Fu[Boolean] =
TeamRepo ownerOf teamId map (Some(userId) ==)
def teamName(teamId: String) = cached name teamId
def teamName(teamId: String): Option[String] = cached.name(teamId)
def nbRequests(teamId: String) = cached.nbRequests get teamId