Move to escape-html

* If there is a package that does exactly the same then lets us use that * Import it properly in the internals (less deprecation warnings) Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2019-10-04 13:23:32 +02:00 · 2019-10-04 13:23:32 +02:00 · 6c489a6d40
commit 6c489a6d40
parent 2507f26428
14 changed files with 27 additions and 61 deletions
--- a/apps/oauth2/js/oauth2.js
+++ b/apps/oauth2/js/oauth2.js
--- a/apps/oauth2/js/oauth2.js.map
+++ b/apps/oauth2/js/oauth2.js.map
--- a/core/js/dist/login.js
+++ b/core/js/dist/login.js
--- a/core/js/dist/login.js.map
+++ b/core/js/dist/login.js.map
--- a/core/js/dist/main.js
+++ b/core/js/dist/main.js
--- a/core/js/dist/main.js.map
+++ b/core/js/dist/main.js.map
--- a/core/js/dist/maintenance.js
+++ b/core/js/dist/maintenance.js
--- a/core/js/dist/maintenance.js.map
+++ b/core/js/dist/maintenance.js.map
--- a/core/src/OC/l10n.js
+++ b/core/src/OC/l10n.js
@ -12,6 +12,7 @@ import _ from 'underscore'
 import $ from 'jquery'
 import DOMPurify from 'dompurify'
 import Handlebars from 'handlebars'
+import escapeHTML from 'escape-html'

 import OC from './index'
 import {
--- a/core/src/Util/escapeHTML.js
+++ b/core/src/Util/escapeHTML.js
@ -1,36 +0,0 @@
-/*
- * @copyright 2019 Christoph Wurst <christoph@winzerhof-wurst.at>
- *
- * @author 2019 Christoph Wurst <christoph@winzerhof-wurst.at>
- *
- * @license GNU AGPL version 3 or any later version
- *
- * This program is free software: you can redistribute it and/or modify
- * it under the terms of the GNU Affero General Public License as
- * published by the Free Software Foundation, either version 3 of the
- * License, or (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU Affero General Public License for more details.
- *
- * You should have received a copy of the GNU Affero General Public License
- * along with this program.  If not, see <http://www.gnu.org/licenses/>.
- */
-
-/**
- * Sanitizes a HTML string by replacing all potential dangerous characters with HTML entities
- * @param {string} s String to sanitize
- * @returns {string} Sanitized string
- */
-export default function escapeHTML(s) {
-	return s.toString()
-		.split('&')
-		.join('&amp;')
-		.split('<')
-		.join('&lt;').split('>')
-		.join('&gt;').split('"')
-		.join('&quot;').split('\'')
-		.join('&#039;')
-}
--- a/core/src/globals.js
+++ b/core/src/globals.js
@ -54,7 +54,7 @@ import 'strengthify/strengthify.css'
 import OC from './OC/index'
 import OCP from './OCP/index'
 import OCA from './OCA/index'
-import escapeHTML from './Util/escapeHTML'
+import escapeHTML from 'escape-html'
 import formatDate from './Util/format-date'
 import { getToken as getRequestToken } from './OC/requesttoken'
 import getURLParameter from './Util/get-url-parameter'
--- a/core/src/jquery/octemplate.js
+++ b/core/src/jquery/octemplate.js
@ -1,5 +1,5 @@
 import $ from 'jquery'
-import escapeHTML from '../Util/escapeHTML'
+import escapeHTML from 'escape-html'

 /**
 * jQuery plugin for micro templates
--- a/package-lock.json
+++ b/package-lock.json
@ -1350,7 +1350,7 @@
        },
        "util": {
          "version": "0.10.3",
-          "resolved": "https://registry.npmjs.org/util/-/util-0.10.3.tgz",
+          "resolved": "http://registry.npmjs.org/util/-/util-0.10.3.tgz",
          "integrity": "sha1-evsa/lCAUkZInj23/g7TeTNqwPk=",
          "dev": true,
          "requires": {
@ -1384,7 +1384,7 @@
    },
    "async": {
      "version": "1.5.2",
-      "resolved": "https://registry.npmjs.org/async/-/async-1.5.2.tgz",
+      "resolved": "http://registry.npmjs.org/async/-/async-1.5.2.tgz",
      "integrity": "sha1-7GphrlZIDAw8skHJVhjiCJL5Zyo="
    },
    "async-each": {
@ -1732,7 +1732,7 @@
    },
    "browserify-aes": {
      "version": "1.2.0",
-      "resolved": "https://registry.npmjs.org/browserify-aes/-/browserify-aes-1.2.0.tgz",
+      "resolved": "http://registry.npmjs.org/browserify-aes/-/browserify-aes-1.2.0.tgz",
      "integrity": "sha512-+7CHXqGuspUn/Sl5aO7Ea0xWGAtETPXNSAjHo48JfLdPWcMng33Xe4znFvQweqc/uzk5zSOI3H52CYnjCfb5hA==",
      "dev": true,
      "requires": {
@ -1769,7 +1769,7 @@
    },
    "browserify-rsa": {
      "version": "4.0.1",
-      "resolved": "https://registry.npmjs.org/browserify-rsa/-/browserify-rsa-4.0.1.tgz",
+      "resolved": "http://registry.npmjs.org/browserify-rsa/-/browserify-rsa-4.0.1.tgz",
      "integrity": "sha1-IeCr+vbyApzy+vsTNWenAdQTVSQ=",
      "dev": true,
      "requires": {
@ -1820,7 +1820,7 @@
    },
    "buffer": {
      "version": "4.9.1",
-      "resolved": "https://registry.npmjs.org/buffer/-/buffer-4.9.1.tgz",
+      "resolved": "http://registry.npmjs.org/buffer/-/buffer-4.9.1.tgz",
      "integrity": "sha1-bRu2AbB6TvztlwlBMgkwJ8lbwpg=",
      "dev": true,
      "requires": {
@ -2443,7 +2443,7 @@
    },
    "create-hash": {
      "version": "1.2.0",
-      "resolved": "https://registry.npmjs.org/create-hash/-/create-hash-1.2.0.tgz",
+      "resolved": "http://registry.npmjs.org/create-hash/-/create-hash-1.2.0.tgz",
      "integrity": "sha512-z00bCGNHDG8mHAkP7CtT1qVu+bFQUPjYq/4Iv3C3kWjTFV10zIjfSoeqXo9Asws8gwSHDGj/hl2u4OGIjapeCg==",
      "dev": true,
      "requires": {
@ -2456,7 +2456,7 @@
    },
    "create-hmac": {
      "version": "1.1.7",
-      "resolved": "https://registry.npmjs.org/create-hmac/-/create-hmac-1.1.7.tgz",
+      "resolved": "http://registry.npmjs.org/create-hmac/-/create-hmac-1.1.7.tgz",
      "integrity": "sha512-MJG9liiZ+ogc4TzUwuvbER1JRdgvUFSB5+VR/g5h82fGaIRWMWddtKBHi7/sVhfjQZ6SehlyhvQYrcYkaUIpLg==",
      "dev": true,
      "requires": {
@ -2790,7 +2790,7 @@
    },
    "diffie-hellman": {
      "version": "5.0.3",
-      "resolved": "https://registry.npmjs.org/diffie-hellman/-/diffie-hellman-5.0.3.tgz",
+      "resolved": "http://registry.npmjs.org/diffie-hellman/-/diffie-hellman-5.0.3.tgz",
      "integrity": "sha512-kqag/Nl+f3GwyK25fhUMYj81BUOrZ9IuJsjIcDE5icNM9FJHAVm3VcUDxdLPoQtTuUylWm6ZIknYJwwaPxsUzg==",
      "dev": true,
      "requires": {
@ -3591,7 +3591,7 @@
    },
    "events": {
      "version": "3.0.0",
-      "resolved": "https://registry.npmjs.org/events/-/events-3.0.0.tgz",
+      "resolved": "http://registry.npmjs.org/events/-/events-3.0.0.tgz",
      "integrity": "sha512-Dc381HFWJzEOhQ+d8pkNon++bk9h6cdAoAj4iE6Q4y6xgTzySWXlKn05/TVNpjnfRqi/X0EpJEJohPjNI3zpVA==",
      "dev": true
    },
@ -3704,7 +3704,7 @@
      "dependencies": {
        "source-map": {
          "version": "0.5.0",
-          "resolved": "https://registry.npmjs.org/source-map/-/source-map-0.5.0.tgz",
+          "resolved": "http://registry.npmjs.org/source-map/-/source-map-0.5.0.tgz",
          "integrity": "sha1-D+llA6yGpa213mP05BKuSHLNvoY=",
          "dev": true
        }
@ -6392,7 +6392,7 @@
    },
    "mkdirp": {
      "version": "0.5.1",
-      "resolved": "https://registry.npmjs.org/mkdirp/-/mkdirp-0.5.1.tgz",
+      "resolved": "http://registry.npmjs.org/mkdirp/-/mkdirp-0.5.1.tgz",
      "integrity": "sha1-MAV0OOrGz3+MR2fzhkjWaX11yQM=",
      "requires": {
        "minimist": "0.0.8"
@ -7072,7 +7072,7 @@
    },
    "parse-asn1": {
      "version": "5.1.5",
-      "resolved": "https://registry.npmjs.org/parse-asn1/-/parse-asn1-5.1.5.tgz",
+      "resolved": "http://registry.npmjs.org/parse-asn1/-/parse-asn1-5.1.5.tgz",
      "integrity": "sha512-jkMYn1dcJqF6d5CpU689bq7w/b5ALS9ROVSpQDPrZsqqesUJii9qutvoT5ltGedNXMO2e16YUWIghG9KxaViTQ==",
      "dev": true,
      "requires": {
@ -7128,7 +7128,7 @@
    },
    "path-browserify": {
      "version": "0.0.1",
-      "resolved": "https://registry.npmjs.org/path-browserify/-/path-browserify-0.0.1.tgz",
+      "resolved": "http://registry.npmjs.org/path-browserify/-/path-browserify-0.0.1.tgz",
      "integrity": "sha512-BapA40NHICOS+USX9SN4tyhq+A2RrN/Ws5F0Z5aMHDp98Fl86lX8Oti8B7uN93L4Ifv4fHOEA+pQw87gmMO/lQ==",
      "dev": true
    },
@ -7145,7 +7145,7 @@
    },
    "path-is-absolute": {
      "version": "1.0.1",
-      "resolved": "https://registry.npmjs.org/path-is-absolute/-/path-is-absolute-1.0.1.tgz",
+      "resolved": "http://registry.npmjs.org/path-is-absolute/-/path-is-absolute-1.0.1.tgz",
      "integrity": "sha1-F0uSaHNVNP+8es5r9TpanhtcX18="
    },
    "path-is-inside": {
@ -7753,7 +7753,7 @@
    },
    "readable-stream": {
      "version": "2.3.6",
-      "resolved": "https://registry.npmjs.org/readable-stream/-/readable-stream-2.3.6.tgz",
+      "resolved": "http://registry.npmjs.org/readable-stream/-/readable-stream-2.3.6.tgz",
      "integrity": "sha512-tQtKA9WIAhBF3+VLAseyMqZeBjW0AHJoxOtYqSUZNJxauErmLbVm2FW1y+J/YA9dUrAC39ITejlZWhVIwawkKw==",
      "dev": true,
      "requires": {
@ -7927,7 +7927,7 @@
      "dependencies": {
        "jsesc": {
          "version": "0.5.0",
-          "resolved": "https://registry.npmjs.org/jsesc/-/jsesc-0.5.0.tgz",
+          "resolved": "http://registry.npmjs.org/jsesc/-/jsesc-0.5.0.tgz",
          "integrity": "sha1-597mbjXW/Bb3EP6R1c9p9w8IkR0=",
          "dev": true
        }
@ -8370,7 +8370,7 @@
    },
    "sha.js": {
      "version": "2.4.11",
-      "resolved": "https://registry.npmjs.org/sha.js/-/sha.js-2.4.11.tgz",
+      "resolved": "http://registry.npmjs.org/sha.js/-/sha.js-2.4.11.tgz",
      "integrity": "sha512-QMEp5B7cftE7APOjk5Y6xgrbWu+WkLVQwk8JNjZ8nKRciZaByEW6MubieAiToS7+dwvrjGhH8jRXz3MVd0AYqQ==",
      "dev": true,
      "requires": {
@ -8726,7 +8726,7 @@
    },
    "stream-browserify": {
      "version": "2.0.2",
-      "resolved": "https://registry.npmjs.org/stream-browserify/-/stream-browserify-2.0.2.tgz",
+      "resolved": "http://registry.npmjs.org/stream-browserify/-/stream-browserify-2.0.2.tgz",
      "integrity": "sha512-nX6hmklHs/gr2FuxYDltq8fJA1GDlxKQCz8O/IM4atRqBH8OORmBNgfvW5gG10GT/qQ9u0CzIvr2X5Pkt6ntqg==",
      "dev": true,
      "requires": {
@ -8828,7 +8828,7 @@
    },
    "string_decoder": {
      "version": "1.1.1",
-      "resolved": "https://registry.npmjs.org/string_decoder/-/string_decoder-1.1.1.tgz",
+      "resolved": "http://registry.npmjs.org/string_decoder/-/string_decoder-1.1.1.tgz",
      "integrity": "sha512-n/ShnvDi6FHbbVfviro+WojiFzv+s8MPMHBczVePfUpDJLwoLT0ht1l4YwBCbi8pJAveEEdnkHyPyTP/mzRfwg==",
      "requires": {
        "safe-buffer": "~5.1.0"
@ -9293,7 +9293,7 @@
    },
    "tty-browserify": {
      "version": "0.0.0",
-      "resolved": "https://registry.npmjs.org/tty-browserify/-/tty-browserify-0.0.0.tgz",
+      "resolved": "http://registry.npmjs.org/tty-browserify/-/tty-browserify-0.0.0.tgz",
      "integrity": "sha1-oVe6QC2iTpv5V/mqadUk7tQpAaY=",
      "dev": true
    },
@ -9688,7 +9688,7 @@
    },
    "vm-browserify": {
      "version": "1.1.0",
-      "resolved": "https://registry.npmjs.org/vm-browserify/-/vm-browserify-1.1.0.tgz",
+      "resolved": "http://registry.npmjs.org/vm-browserify/-/vm-browserify-1.1.0.tgz",
      "integrity": "sha512-iq+S7vZJE60yejDYM0ek6zg308+UZsdtPExWP9VZoCFCz1zkJoXFnAX7aZfd/ZwrkidzdUZL0C/ryW+JwAiIGw==",
      "dev": true
    },
@ -10342,7 +10342,7 @@
    },
    "wrap-ansi": {
      "version": "2.1.0",
-      "resolved": "https://registry.npmjs.org/wrap-ansi/-/wrap-ansi-2.1.0.tgz",
+      "resolved": "http://registry.npmjs.org/wrap-ansi/-/wrap-ansi-2.1.0.tgz",
      "integrity": "sha1-2Pw9KE3QV5T+hJc8rs3Rz4JP3YU=",
      "dev": true,
      "requires": {
@ -10378,7 +10378,7 @@
        },
        "strip-ansi": {
          "version": "3.0.1",
-          "resolved": "https://registry.npmjs.org/strip-ansi/-/strip-ansi-3.0.1.tgz",
+          "resolved": "http://registry.npmjs.org/strip-ansi/-/strip-ansi-3.0.1.tgz",
          "integrity": "sha1-ajhfuIU9lS1f8F0Oiq+UJ43GPc8=",
          "dev": true,
          "requires": {
--- a/package.json
+++ b/package.json
@ -34,6 +34,7 @@
    "css-vars-ponyfill": "^2.1.2",
    "davclient.js": "git+https://github.com/owncloud/davclient.js.git#0.1.3",
    "dompurify": "^2.0.3",
+    "escape-html": "^1.0.3",
    "handlebars": "^4.3.4",
    "jcrop": "git+https://github.com/ChristophWurst/Jcrop.git#v0.9.12-npm3",
    "jquery": "2.1.4",