Encode HTML entities in user input

yevhenpavliuk · yevhenpavliuk · commit 4774dfe5933d · 2016-11-20T00:51:34.000+02:00
diff --git a/src/editor.html b/src/editor.html
@@ -1235,7 +1235,7 @@
 				zss_editor.restorerange();
 				var sel = document.getSelection();
 				sel.deleteFromDocument();
-				document.execCommand("insertHTML",false,"<a href='"+url+"'>"+title+"</a>");
+				document.execCommand('insertHTML',false,'<a href="'+encodeHtmlEntities(url)+'">'+encodeHtmlEntities(title)+'</a>');
 
 				zss_editor.enabledEditingItems();
 			}
@@ -1317,7 +1317,7 @@
 					}
 				}
 
-				var html_code = '<a href="' + link_url + '">' + sel + '</a>';
+				var html_code = '<a href="' + encodeHtmlEntities(link_url) + '">' + encodeHtmlEntities(sel) + '</a>';
 				zss_editor.insertHTML(html_code);
 
 			}
@@ -1328,14 +1328,14 @@
 
 			zss_editor.insertImage = function(url, alt) {
 				zss_editor.restorerange();
-				var html = '<img src="'+url+'" alt="'+alt+'" /><br>';
+				var html = '<img src="'+encodeHtmlEntities(url)+'" alt="'+encodeHtmlEntities(alt)+'" /><br>';
 				zss_editor.insertHTML(html);
 				zss_editor.enabledEditingItems();
 			}
 
 			zss_editor.insertImageBase64String = function(imageBase64String, alt) {
 				zss_editor.restorerange();
-				var html = '<img src="data:image/jpeg;base64,'+imageBase64String+'" alt="'+alt+'" />';
+				var html = '<img src="data:image/jpeg;base64,'+encodeHtmlEntities(imageBase64String)+'" alt="'+encodeHtmlEntities(alt)+'" />';
 				zss_editor.insertHTML(html);
 				zss_editor.enabledEditingItems();
 			}

Original file line number	Diff line number	Diff line change
`@@ -1235,7 +1235,7 @@`
`1235`	`1235`	`zss_editor.restorerange();`
`1236`	`1236`	`var sel = document.getSelection();`
`1237`	`1237`	`sel.deleteFromDocument();`
`1238`		`- document.execCommand("insertHTML",false,"<a href='"+url+"'>"+title+"</a>");`
	`1238`	`+ document.execCommand('insertHTML',false,'<a href="'+encodeHtmlEntities(url)+'">'+encodeHtmlEntities(title)+'</a>');`
`1239`	`1239`
`1240`	`1240`	`zss_editor.enabledEditingItems();`
`1241`	`1241`	`}`
`@@ -1317,7 +1317,7 @@`
`1317`	`1317`	`}`
`1318`	`1318`	`}`
`1319`	`1319`
`1320`		`- var html_code = '<a href="' + link_url + '">' + sel + '</a>';`
	`1320`	`+ var html_code = '<a href="' + encodeHtmlEntities(link_url) + '">' + encodeHtmlEntities(sel) + '</a>';`
`1321`	`1321`	`zss_editor.insertHTML(html_code);`
`1322`	`1322`
`1323`	`1323`	`}`
`@@ -1328,14 +1328,14 @@`
`1328`	`1328`
`1329`	`1329`	`zss_editor.insertImage = function(url, alt) {`
`1330`	`1330`	`zss_editor.restorerange();`
`1331`		`- var html = '<img src="'+url+'" alt="'+alt+'" /><br>';`
	`1331`	`+ var html = '<img src="'+encodeHtmlEntities(url)+'" alt="'+encodeHtmlEntities(alt)+'" /><br>';`
`1332`	`1332`	`zss_editor.insertHTML(html);`
`1333`	`1333`	`zss_editor.enabledEditingItems();`
`1334`	`1334`	`}`
`1335`	`1335`
`1336`	`1336`	`zss_editor.insertImageBase64String = function(imageBase64String, alt) {`
`1337`	`1337`	`zss_editor.restorerange();`
`1338`		`- var html = '<img src="data:image/jpeg;base64,'+imageBase64String+'" alt="'+alt+'" />';`
	`1338`	`+ var html = '<img src="data:image/jpeg;base64,'+encodeHtmlEntities(imageBase64String)+'" alt="'+encodeHtmlEntities(alt)+'" />';`
`1339`	`1339`	`zss_editor.insertHTML(html);`
`1340`	`1340`	`zss_editor.enabledEditingItems();`
`1341`	`1341`	`}`