Escape HTML in JSON of contacts module
parent
7118bbe0ab
commit
80a0940765
2
NEWS
2
NEWS
|
@ -40,7 +40,7 @@ Bug fixes
|
|||
- warn user when dnd failed because of a resource conflict (#1613)
|
||||
- respect the maximum number of bookings when viewing the freebusy information of a resource (#2560)
|
||||
- encode HTML entities when forwarding an HTML message inline in plain text composition mode (#2411)
|
||||
- encode HTML entities in JSON data returned by Calendar module (#2598)
|
||||
- encode HTML entities in JSON data (#2598)
|
||||
- fixed handling of ACLs on shared calendars with multiple groups (#1854)
|
||||
- fixed HTML formatting of appointment notifications for Outlook (#2233)
|
||||
- replace slashes by dashes in filenames of attachments to avoid a 404 return code (#2537)
|
||||
|
|
|
@ -29,6 +29,7 @@
|
|||
#import <NGCards/CardElement.h>
|
||||
#import <NGCards/NSArray+NGCards.h>
|
||||
#import <NGExtensions/NSString+Ext.h>
|
||||
#import <NGExtensions/NSString+misc.h>
|
||||
|
||||
#import <SOGo/NSCalendarDate+SOGo.h>
|
||||
#import <SOGo/SOGoDateFormatter.h>
|
||||
|
@ -71,7 +72,7 @@
|
|||
NSMutableString *cardString;
|
||||
|
||||
cardString = [NSMutableString stringWithCapacity: 80];
|
||||
value = [value stringByReplacingString: @"\r" withString: @""];
|
||||
value = [[value stringByReplacingString: @"\r" withString: @""] stringByEscapingHTMLString];
|
||||
if ([value length] > 0)
|
||||
{
|
||||
if ([url length] > 0)
|
||||
|
|
|
@ -127,11 +127,32 @@
|
|||
- (id <WOActionResults>) contactsListAction
|
||||
{
|
||||
id <WOActionResults> result;
|
||||
id currentInfo;
|
||||
NSArray *contactsList;
|
||||
NSEnumerator *contactsListEnumerator, *keysEnumerator;
|
||||
NSMutableArray *newContactsList;
|
||||
NSMutableDictionary *currentContactDictionary;
|
||||
NSString *key;
|
||||
|
||||
contactsList = [self contactInfos];
|
||||
contactsListEnumerator = [contactsList objectEnumerator];
|
||||
newContactsList = [NSMutableArray arrayWithCapacity: [contactsList count]];
|
||||
|
||||
// Escape HTML
|
||||
while ((currentContactDictionary = [contactsListEnumerator nextObject]))
|
||||
{
|
||||
keysEnumerator = [currentContactDictionary keyEnumerator];
|
||||
while ((key = [keysEnumerator nextObject]))
|
||||
{
|
||||
currentInfo = [currentContactDictionary objectForKey: key];
|
||||
if ([currentInfo respondsToSelector: @selector (stringByEscapingHTMLString)])
|
||||
[currentContactDictionary setObject: [currentInfo stringByEscapingHTMLString] forKey: key];
|
||||
}
|
||||
[newContactsList addObject: currentContactDictionary];
|
||||
}
|
||||
|
||||
result = [self responseWithStatus: 200
|
||||
andString: [contactsList jsonRepresentation]];
|
||||
andString: [newContactsList jsonRepresentation]];
|
||||
|
||||
return result;
|
||||
}
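Review bot: The inner loop calls `setObject:forKey:` on `currentContactDictionary` while `keysEnumerator` is still walking that same dictionary, which Foundation does not guarantee to be safe. Iterating a snapshot avoids that: `keysEnumerator = [[currentContactDictionary allKeys] objectEnumerator];`. The dictionaries are also escaped in place, so `newContactsList` holds the very objects returned by `[self contactInfos]`. If that method caches its result (not visible here), a later call would escape the values a second time and produce `&amp;amp;`-style output, so copying each contact into a fresh `NSMutableDictionary` before escaping would be safer. Values that do not respond to `stringByEscapingHTMLString`, such as nested arrays or dictionaries, pass through unescaped; that limit deserves a sentence next to the `// Escape HTML` comment.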
|
||||
|
|
|
@ -103,13 +103,13 @@ function contactsListCallback(http) {
|
|||
null,
|
||||
null,
|
||||
row);
|
||||
cell.appendChild(document.createTextNode(contact["c_cn"]));
|
||||
cell.update(contact["c_cn"]);
|
||||
cell.title = contact["c_cn"];
|
||||
|
||||
cell = document.createElement("td");
|
||||
row.appendChild(cell);
|
||||
if (contact["c_mail"]) {
|
||||
cell.appendChild(document.createTextNode(contact["c_mail"]));
|
||||
cell.update(contact["c_mail"]);
|
||||
cell.title = contact["c_mail"];
|
||||
}
|
||||
|
||||
|
@ -117,17 +117,17 @@ function contactsListCallback(http) {
|
|||
cell = document.createElement("td");
|
||||
row.appendChild(cell);
|
||||
if (contact["c_screenname"])
|
||||
cell.appendChild(document.createTextNode(contact["c_screenname"]));
|
||||
cell.update(contact["c_screenname"]);
|
||||
|
||||
cell = document.createElement("td");
|
||||
row.appendChild(cell);
|
||||
if (contact["c_o"])
|
||||
cell.appendChild(document.createTextNode(contact["c_o"]));
|
||||
cell.update(contact["c_o"]);
|
||||
|
||||
cell = document.createElement("td");
|
||||
row.appendChild(cell);
|
||||
if (contact["c_telephonenumber"])
|
||||
cell.appendChild(document.createTextNode(contact["c_telephonenumber"]));
|
||||
cell.update(contact["c_telephonenumber"]);
|
||||
}
|
||||
}
|
||||
}
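Review bot: Replacing `createTextNode` with `cell.update(...)` in both hunks of `contactsListCallback` turns each field into parsed markup (assuming `update` is Prototype's `Element#update`). These cells are then only safe if every code path producing this JSON escapes every field, whereas the text-node version was safe regardless of what the server sent. The unchanged `cell.title = contact["c_cn"];` and `cell.title = contact["c_mail"];` assignments now receive the escaped strings, and a property assignment is not HTML-parsed, so tooltips will show literal entities such as `&amp;`. Decoding there, for example `cell.title = contact["c_cn"].unescapeHTML();`, would fix that. A comment at the top of the loop stating that the contact fields arrive HTML-escaped from the server would make the dependency explicit for anyone adding a column later.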
|
||||
|
|