From cce8d1a5b9f7fdc121f7dd34fcb70def8ba65aec Mon Sep 17 00:00:00 2001
From: farthinker
Date: Sun, 20 Dec 2015 23:26:57 +0800
Subject: [PATCH] FIX: XSS bug using jquery html() #375
---
 lib/simditor.js | 14 +++++++-------
 site/assets/scripts/simditor.js | 8 ++++----
 site/demo.html | 2 +-
 src/clipboard.coffee | 2 +-
 src/core.coffee | 2 +-
 src/undoManager.coffee | 4 ++--
 styles/simditor.css | 2 +-
 7 files changed, 17 insertions(+), 17 deletions(-)
diff --git a/lib/simditor.js b/lib/simditor.js
index 8c05bd7f..1510a3dd 100644
--- a/lib/simditor.js
+++ b/lib/simditor.js
@@ -1,7 +1,7 @@
 /*!
 * Simditor v2.3.5
 * http://simditor.tower.im/
-* 2015-11-26
+* 2015-12-20
 */
 (function (root, factory) {
 if (typeof define === 'function' && define.amd) {
@@ -1430,7 +1430,7 @@ UndoManager = (function(superClass) {
 this.editor.hidePopover();
 this._index -= 1;
 state = this._stack[this._index];
- this.editor.body.html(state.html);
+ this.editor.body.get(0).innerHTML = state.html;
 this.caretPosition(state.caret);
 this.editor.body.find('.selected').removeClass('selected');
 this.editor.sync();
@@ -1445,7 +1445,7 @@ UndoManager = (function(superClass) {
 this.editor.hidePopover();
 this._index += 1;
 state = this._stack[this._index];
- this.editor.body.html(state.html);
+ this.editor.body.get(0).innerHTML = state.html;
 this.caretPosition(state.caret);
 this.editor.body.find('.selected').removeClass('selected');
 this.editor.sync();
@@ -2296,7 +2296,7 @@ Clipboard = (function(superClass) {
 return function() {
 var pasteContent;
 _this.editor.hidePopover();
- _this.editor.body.html(state.html);
+ _this.editor.body.get(0).innerHTML = state.html;
 _this.editor.undoManager.caretPosition(state.caret);
 _this.editor.body.focus();
 _this.editor.selection.reset();
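Review bot: Assigning `innerHTML` instead of calling jQuery `.html()` (the `@@ -1430`, `@@ -1445` and `@@ -2296` hunks here, `setValue` in the next hunk, and the same change in site/assets/scripts/simditor.js and the three src/*.coffee files) stops `.html()` from evaluating scripts embedded in the inserted markup, but it is not sanitization: the browser still parses everything in `state.html` or `val`, event-handler attributes included, straight into the live editor body. For undo/redo and paste, `state.html` is a snapshot the editor took of its own body, so the exposure is bounded by what was already in the document; `setValue` is the path that takes caller-supplied input, and there the content becomes live before `this.formatter.format()` runs, so any whitelist the formatter enforces is applied after the fact. Consider parsing `val` into a detached element, running the formatter on that, and only then moving the nodes into the body, so unsanitized markup is never attached to the document. Note also that `.get(0)` throws when the jQuery set is empty where `.html()` was a silent no-op, and that the undo/redo/paste bodies all begin before their hunks. Each site would benefit from a one-line comment, e.g. `// innerHTML, not jQuery .html(): embedded scripts are not evaluated; markup is still unsanitized until formatter.format() runs`.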
@@ -2569,7 +2569,7 @@ Simditor = (function(superClass) {
 Simditor.prototype.setValue = function(val) {
 this.hidePopover();
 this.textarea.val(val);
- this.body.html(val);
+ this.body.get(0).innerHTML = val;
 this.formatter.format();
 this.formatter.decorate();
 this.util.reflow(this.body);
@@ -2683,8 +2683,8 @@ Simditor.i18n = {
 'linkText': '链接文字',
 'linkUrl': '链接地址',
 'linkTarget': '打开方式',
- 'openLinkInCurrentWindow': '在当前窗口中打开',
- 'openLinkInNewWindow': '在新窗口中打开',
+ 'openLinkInCurrentWindow': '在新窗口中打开',
+ 'openLinkInNewWindow': '在当前窗口中打开',
 'removeLink': '移除链接',
 'ol': '有序列表',
 'ul': '无序列表',
diff --git a/site/assets/scripts/simditor.js b/site/assets/scripts/simditor.js
index dc239187..742f16e9 100644
--- a/site/assets/scripts/simditor.js
+++ b/site/assets/scripts/simditor.js
@@ -1425,7 +1425,7 @@ UndoManager = (function(superClass) {
 this.editor.hidePopover();
 this._index -= 1;
 state = this._stack[this._index];
- this.editor.body.html(state.html);
+ this.editor.body.get(0).innerHTML = state.html;
 this.caretPosition(state.caret);
 this.editor.body.find('.selected').removeClass('selected');
 this.editor.sync();
@@ -1440,7 +1440,7 @@ UndoManager = (function(superClass) {
 this.editor.hidePopover();
 this._index += 1;
 state = this._stack[this._index];
- this.editor.body.html(state.html);
+ this.editor.body.get(0).innerHTML = state.html;
 this.caretPosition(state.caret);
 this.editor.body.find('.selected').removeClass('selected');
 this.editor.sync();
@@ -2291,7 +2291,7 @@ Clipboard = (function(superClass) {
 return function() {
 var pasteContent;
 _this.editor.hidePopover();
- _this.editor.body.html(state.html);
+ _this.editor.body.get(0).innerHTML = state.html;
 _this.editor.undoManager.caretPosition(state.caret);
 _this.editor.body.focus();
 _this.editor.selection.reset();
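Review bot: The `@@ -2683` i18n hunk swaps the Chinese strings for `openLinkInCurrentWindow` and `openLinkInNewWindow`, so the key named "current window" now reads '在新窗口中打开' (open in a new window) and vice versa; unless the link popover reads these keys inverted, the labels are now backwards. The change is unrelated to the XSS fix in the subject and is applied only to the built lib/simditor.js, not to site/assets/scripts/simditor.js or to any source file in this patch, so it looks like build-output drift rather than an intentional fix. It is worth confirming against the i18n source the build is generated from, and either reverting it or carrying it into that source so the next build does not silently undo it.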
@@ -2564,7 +2564,7 @@ Simditor = (function(superClass) {
 Simditor.prototype.setValue = function(val) {
 this.hidePopover();
 this.textarea.val(val);
- this.body.html(val);
+ this.body.get(0).innerHTML = val;
 this.formatter.format();
 this.formatter.decorate();
 this.util.reflow(this.body);
diff --git a/site/demo.html b/site/demo.html
index 82cbe2b6..12cbbb9f 100644
--- a/site/demo.html
+++ b/site/demo.html
@@ -5,7 +5,7 @@ ---
- +
diff --git a/src/clipboard.coffee b/src/clipboard.coffee
index 0c7c741a..525969b5 100644
--- a/src/clipboard.coffee
+++ b/src/clipboard.coffee
@@ -77,7 +77,7 @@ class Clipboard extends SimpleModule
 setTimeout =>
 @editor.hidePopover()
- @editor.body.html state.html
+ @editor.body.get(0).innerHTML = state.html
 @editor.undoManager.caretPosition state.caret
 @editor.body.focus()
 @editor.selection.reset()
diff --git a/src/core.coffee b/src/core.coffee
index 2fe74fa1..681e4226 100644
--- a/src/core.coffee
+++ b/src/core.coffee
@@ -122,7 +122,7 @@ class Simditor extends SimpleModule
 setValue: (val) ->
 @hidePopover()
 @textarea.val val
- @body.html val
+ @body.get(0).innerHTML = val
 @formatter.format()
 @formatter.decorate()
diff --git a/src/undoManager.coffee b/src/undoManager.coffee
index 1540a0e0..2b330257 100644
--- a/src/undoManager.coffee
+++ b/src/undoManager.coffee
@@ -109,7 +109,7 @@ class UndoManager extends SimpleModule
 @_index -= 1
 state = @_stack[@_index]
- @editor.body.html state.html
+ @editor.body.get(0).innerHTML = state.html
 @caretPosition state.caret
 @editor.body.find('.selected').removeClass('selected')
 @editor.sync()
@@ -124,7 +124,7 @@ class UndoManager extends SimpleModule
 @_index += 1
 state = @_stack[@_index]
- @editor.body.html state.html
+ @editor.body.get(0).innerHTML = state.html
 @caretPosition state.caret
 @editor.body.find('.selected').removeClass('selected')
 @editor.sync()
diff --git a/styles/simditor.css b/styles/simditor.css
index 1c509fb7..509904db 100644
--- a/styles/simditor.css
+++ b/styles/simditor.css
@@ -1,7 +1,7 @@
 /*!
 * Simditor v2.3.5
 * http://simditor.tower.im/
-* 2015-11-26
+* 2015-12-20
 */
 @font-face {
 font-family: 'Simditor';