mirrors/signal-desktop
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages 2 Wiki Activity Actions

Auto-link urls in message bodies

Browse source 
And watch out for xss.

Closes #187
This commit is contained in:
lilia 2015-03-06 17:01:04 -08:00
parent 8ee282b1aa
commit dc1b09f59d
3 changed files with 32 additions and 10 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

7
js/views/message_view.js
View file

@ -31,7 +31,6 @@
} }
}); });
var ContentMessageView = Whisper.View.extend({ var ContentMessageView = Whisper.View.extend({
tagName: 'div', tagName: 'div',
template: $('#message').html(), template: $('#message').html(),
@ -45,6 +44,9 @@
renderDelivered: function() { renderDelivered: function() {
if (this.model.get('delivered')) { this.$el.addClass('delivered'); } if (this.model.get('delivered')) { this.$el.addClass('delivered'); }
}, },
autoLink: function(text) {
return text.replace(/(^|[\s\n]|<br\/?>)((?:https?|ftp):\/\/[\-A-Z0-9+\u0026\u2019@#\/%?=()~_|!:,.;]*[\-A-Z0-9+\u0026@#\/%=~()_|])/gi, "$1<a href='$2' target='_blank'>$2</a>");
},
render: function() { render: function() {
this.$el.html( this.$el.html(
Mustache.render(this.template, { Mustache.render(this.template, {
@ -54,6 +56,9 @@
}) })
); );
var content = this.$el.find('.content');
content.html(this.autoLink(content.html()));
this.renderDelivered(); this.renderDelivered();
this.$el.find('.attachments').append( this.$el.find('.attachments').append(

15
test/index.html
View file

@ -47,16 +47,13 @@
<script type='text/x-tmpl-mustache' id='message'> <script type='text/x-tmpl-mustache' id='message'>
<div class='sender'>{{ sender }}</div> <div class='sender'>{{ sender }}</div>
<img class='avatar' src='{{ contact_avatar }}'> <img class='avatar' src='{{ contact_avatar }}'>
<div class='bubble bubble_context {{ bubble_class }}'> <div class="bubble">
<ul class='volley'> <p class="content">{{ message }}</p>
<li class='message'> <div class='attachments'></div>
{{ message }} <div class='meta'>
<span class='timestamp'>{{ timestamp }}</span> <span class='timestamp'>{{ timestamp }}</span>
</li> <span class='checkmark hide'></span>
</ul> </div>
{{#attachments}}
<img src={{.}}>
{{/attachments}}
</div> </div>
</script> </script>
<script type='text/x-tmpl-mustache' id='contact'> <script type='text/x-tmpl-mustache' id='contact'>

20
test/views/message_view_test.js
View file

@ -44,4 +44,24 @@ describe('MessageView', function() {
message.destroy(); message.destroy();
assert.strictEqual(div.find(view.$el).length, 0); assert.strictEqual(div.find(view.$el).length, 0);
}); });
it('allows links', function() {
var url = 'http://example.com';
message.set('body', url);
var view = new Whisper.MessageView({model: message});
view.render();
var link = view.$el.find('.content a');
assert.strictEqual(link.length, 1);
assert.strictEqual(link.text(), url);
assert.strictEqual(link.attr('href'), url);
});
it('disallows xss', function() {
var xss = '<script>alert("pwnd")</script>';
message.set('body', xss);
var view = new Whisper.MessageView({model: message});
view.render();
assert.include(view.$el.text(), xss); // should appear as escaped text
assert.strictEqual(view.$el.find('script').length, 0); // should not appear as html
});
}); });