Swapping escape to sanitze
issue #938 - rather than using escape, use node-validator's sanitize function, which is designed for preventing XSS vectors - added listener for changes to both editor and settings page - added more sanitization to the user model - consistently use triple-braces when outputting blog post titles
parent
32a0c2e7da
commit
85267d2394
|
@ -1,5 +1,5 @@
|
|||
<a class="permalink{{#if featured}} featured{{/if}}" href="#">
|
||||
<h3 class="entry-title">{{title}}</h3>
|
||||
<h3 class="entry-title">{{{title}}}</h3>
|
||||
<section class="entry-meta">
|
||||
<time datetime="2013-01-04" class="date">
|
||||
{{#if published}}
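Review bot: Changing `{{title}}` to `{{{title}}}` in the `entry-title` heading switches off Handlebars' HTML escaping at this sink, so the list now renders the stored title as markup. That is safe only while every path that writes a title runs it through the sanitizer first, and none of those write paths are visible in this commit's hunks; any path that bypasses the filter would reach the page unescaped. A filter on input is also a weaker guarantee than encoding on output. I would keep `<h3 class="entry-title">{{title}}</h3>` and fix any double-encoding at the model, or, if the triple-stash stays, state the invariant next to it: `{{!-- title is sanitized on save; unescaped output depends on that --}}`.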
|
||||
|
|
|
@ -283,6 +283,8 @@
|
|||
this.$('#entry-title').val(this.model.get('title')).focus();
|
||||
this.$('#entry-markdown').text(this.model.get('markdown'));
|
||||
|
||||
this.listenTo(this.model, 'change:title', this.renderTitle);
|
||||
|
||||
this.initMarkdown();
|
||||
this.renderPreview();
|
||||
|
||||
|
@ -363,6 +365,10 @@
|
|||
}
|
||||
},
|
||||
|
||||
renderTitle: function () {
|
||||
this.$('#entry-title').val(this.model.get('title'));
|
||||
},
|
||||
|
||||
// This is a hack to remove iOS6 white space on orientation change bug
|
||||
// See: http://cl.ly/RGx9
|
||||
orientationChange: function () {
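Review bot: `renderTitle` rewrites `#entry-title` on every `change:title`, with no comment saying why the listener exists and no guard for changes that originate from the input itself. If the purpose is to show the sanitized title that comes back after a save (inferred from the commit message; the save path is outside these hunks), say so above the method, e.g. `// Reflect the sanitized title returned by the server back into the input`. Skipping the write when the value is already current avoids resetting the field while the user is typing: `var title = this.model.get('title'); if (this.$('#entry-title').val() !== title) { this.$('#entry-title').val(title); }`. Using `.val()` as the sink is the right choice, since it never parses the string as HTML.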
|
||||
|
|
|
@ -18,7 +18,7 @@
|
|||
|
||||
this.addSubview(this.sidebar);
|
||||
|
||||
this.listenTo(Ghost.router, "route:settings", this.changePane);
|
||||
this.listenTo(Ghost.router, 'route:settings', this.changePane);
|
||||
},
|
||||
|
||||
changePane: function (pane) {
|
||||
|
@ -155,7 +155,8 @@
|
|||
},
|
||||
|
||||
saveSettings: function () {
|
||||
var title = this.$('#blog-title').val(),
|
||||
var self = this,
|
||||
title = this.$('#blog-title').val(),
|
||||
description = this.$('#blog-description').val(),
|
||||
email = this.$('#email-address').val(),
|
||||
postsPerPage = this.$('#postsPerPage').val();
|
||||
|
@ -186,7 +187,7 @@
|
|||
}, {
|
||||
success: this.saveSuccess,
|
||||
error: this.saveError
|
||||
});
|
||||
}).then(function () { self.render(); });
|
||||
}
|
||||
},
|
||||
showLogo: function (e) {
|
||||
|
@ -212,8 +213,10 @@
|
|||
self.model.save(data, {
|
||||
success: self.saveSuccess,
|
||||
error: self.saveError
|
||||
}).then(function () {
|
||||
self.render();
|
||||
});
|
||||
self.render();
|
||||
|
||||
return true;
|
||||
},
|
||||
buttonClass: "button-save right",
|
||||
|
@ -268,8 +271,9 @@
|
|||
self.model.save(data, {
|
||||
success: self.saveSuccess,
|
||||
error: self.saveError
|
||||
}).then(function () {
|
||||
self.render();
|
||||
});
|
||||
self.render();
|
||||
return true;
|
||||
},
|
||||
buttonClass: "button-save right",
|
||||
|
@ -283,7 +287,8 @@
|
|||
|
||||
|
||||
saveUser: function () {
|
||||
var userName = this.$('#user-name').val(),
|
||||
var self = this,
|
||||
userName = this.$('#user-name').val(),
|
||||
userEmail = this.$('#user-email').val(),
|
||||
userLocation = this.$('#user-location').val(),
|
||||
userWebsite = this.$('#user-website').val(),
|
||||
|
@ -322,6 +327,8 @@
|
|||
}, {
|
||||
success: this.saveSuccess,
|
||||
error: this.saveError
|
||||
}).then(function () {
|
||||
self.render();
|
||||
});
|
||||
}
|
||||
},
|
||||
|
@ -365,6 +372,8 @@
|
|||
status: 'passive'
|
||||
});
|
||||
}
|
||||
}).then(function () {
|
||||
self.render();
|
||||
});
|
||||
}
|
||||
},
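Review bot: The `.then(function () { self.render(); })` chained directly onto `model.save(...)` assumes `save` always returns a promise-like object, but Backbone's `save` returns `false` when the model's `validate` rejects the attributes, and calling `.then` on `false` throws. Whether this model defines `validate` is not visible here, so treat it as something to confirm. The same chain is added in `saveSettings`, in the two hunks ending at `buttonClass`, in `saveUser` and in the last hunk, all of which start or end outside the visible lines. Holding the result and guarding it covers each of them: `var saved = self.model.save(data, opts); if (saved) { saved.then(function () { self.render(); }); }`. A short comment that the re-render exists to show the sanitized values the server stored would also help the next reader.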
|
||||
|
|