-rwxr-xr-xsrc/site.clj39
-rwxr-xr-xstatic/js/pichat.js100
-rwxr-xr-xstatic/js/register.js2
-rwxr-xr-xtemplate/profile.st8
4 files changed, 64 insertions, 85 deletions
diff --git a/src/site.clj b/src/site.clj
index 15ac373..e7d401f 100755
--- a/src/site.clj
+++ b/src/site.clj
@@ -66,22 +66,6 @@
;; Utils
-(defn replace-in-str [s table]
- (loop [ret s
- [[char replacement] & rest] table]
- (if (nil? char)
- ret
- (recur (.replaceAll ret char replacement)
- rest))))
-
-(defn encode-html-entities [s]
- (replace-in-str s [["&" "&"]
- ["'" "'"]
- ["\"" """]
- ["<" "&lt;"]
- [">" "&gt;"]]))
-
-
(defn swap [f]
(fn [& more] (apply f (reverse more))))
@@ -148,10 +132,10 @@
(assoc d :created_on (.getTime (d :created_on))))
(defn process-message-for-output [d]
- {"nick" (encode-html-entities (d :nick))
+ {"nick" (escape-html (d :nick))
"message_id" (d :message_id)
"created_on" (.format formatter (d :created_on))
- "content" (encode-html-entities (d :content))})
+ "content" (escape-html (d :content))})
(defn new-messages [room since-ts]
(let [since-date (new Date (long since-ts))]
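Review bot: Escaping now happens on the server for the message nick and content here and for the avatar in process-user below, but the user-list nick stays raw and is escaped client-side in pichat.js buildUserDiv, while the message nick is inserted as-is by buildMessageDiv; that split is consistent today, yet nothing documents it, so a change on either side will double-escape or miss a field. A docstring on each function, e.g. `"Values are HTML-escaped here; the client must insert them as-is."` on process-message-for-output and `"nick is NOT escaped here (the client escapes it); avatar is."` on process-user, would pin the contract. HTML-escaping the avatar also does not constrain it to an http(s) URL; if the scheme matters for the `<img src>` it ends up in, validate it in update-profile where the value is stored. new-messages starts on the last line of this hunk and continues beyond it.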
@@ -161,7 +145,7 @@
(defn process-user [u]
(if (non-empty-string? (u :avatar))
{"nick" (u :nick)
- "avatar" (encode-html-entities (u :avatar))}
+ "avatar" (escape-html (u :avatar))}
{"nick" (u :nick)}))
(defn prepare-user-list [room]
@@ -289,7 +273,7 @@
(doseq [a [:nick :avatar :contact :bio]]
(let [v (user-info a)]
(.setAttribute st (name a)
- (if (non-empty-string? v) (encode-html-entities v)))))
+ (if (non-empty-string? v) (escape-html v)))))
(.setAttribute st "dumps"
(to-array (map process-message-for-output dumps)))
(if (< (+ dump-offset dumps-per-page) dump-count)
@@ -525,16 +509,13 @@
(GET "/u/:nick/:offset" (profile session
(params :nick)
(params :offset)))
- (GET "/update-profile" (update-profile session params))
(GET "/login" (login session params))
(GET "/logout" (logout session))
(GET "/register" (serve-static "static" "register.html"))
- (GET "/submit-registration" (register session params))
(GET "/:room/chat" (no-cache (validated-chat session (-> request :route-params :room))))
(GET "/chat" (no-cache (validated-chat session "RoomA")))
(GET "/browser" (browser session))
(GET "/refresh" (validated-refresh session params))
- (GET "/msg" (validated-msg session params))
(GET "/log" (validated-log session "RoomA" "0" params))
(GET "/:room/log" (validated-log session
(-> request :route-params :room)
@@ -543,16 +524,20 @@
(-> request :route-params :room)
(-> request :route-params :offset)
params))
+ ;; TODO: validate POST Referrer headers for POSTs
+ (POST "/msg" (validated-msg session params))
+ (POST "/submit-registration" (register session params))
+ (POST "/update-profile" (update-profile session params))
(ANY "*" (unknown-page params)))
-(decorate pichat
- (with-mimetypes)
- (with-session {:type :memory, :expires (* 60 60)}))
-; All uploading-related actions use the with-multipart decoration.
(defroutes multipart
(POST "/upload" (upload session params)))
+(decorate pichat
+ (with-mimetypes)
+ (with-session {:type :memory, :expires (* 60 60)}))
+
(decorate multipart
(with-mimetypes)
(with-session {:type :memory, :expires (* 60 60)})
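Review bot: Moving `/msg`, `/submit-registration` and `/update-profile` to POST does not by itself stop a cross-site request: a form on another origin can still POST to these routes and the browser attaches the memory-session cookie, and the TODO above proposes only a Referer check, which browsers may omit and whose header is actually spelled `Referer`. A per-session token issued with the page and required in the POST body is the usual robust check and can be verified once in a decorator next to `with-session`; the comment could read `;; TODO: require a per-session CSRF token on every POST (Referer alone is not reliable)`. The same applies to the POST `/upload` route under `multipart` and to the callers that now send POSTs (pichat.js submitMessage and initProfile's onSubmit, register.js submitRegistration), which would need to include the token. The `(decorate multipart …)` form runs past the end of this hunk.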
diff --git a/static/js/pichat.js b/static/js/pichat.js
index 79f21b0..0a99f6c 100755
--- a/static/js/pichat.js
+++ b/static/js/pichat.js
@@ -7,22 +7,22 @@ function escapeHtml(txt) {
}
function linkify(text) {
- var URLRegex = /((\b(http\:\/\/|https\:\/\/|ftp\:\/\/)|(www\.))+(\w+:{0,1}\w*@)?(\S+)(:[0-9]+)?(\/|\/([\w#!:.?+=&%@!\-\/]))?)/gi;
- return text.replace(URLRegex, linkReplace);
+ var URLRegex = /((\b(http\:\/\/|https\:\/\/|ftp\:\/\/)|(www\.))+(\w+:{0,1}\w*@)?(\S+)(:[0-9]+)?(\/|\/([\w#!:.?+=&%@!\-\/]))?)/gi;
+ return text.replace(URLRegex, linkReplace);
}
function linkReplace(match){
- var PicRegex = /\.(jpg|jpeg|png|gif|bmp)$/i;
- var matchWithoutParams = match.replace(/\?.*$/i, "")
- if (PicRegex.test(matchWithoutParams)){
- return "<a target='_blank' href='" + match + "'><img src='" + match + "'></a>"
- } else {
- return "<a target='_blank' href='" + match + "'>" + match + "</a>"
- }
+ var PicRegex = /\.(jpg|jpeg|png|gif|bmp)$/i;
+ var matchWithoutParams = match.replace(/\?.*$/i, "")
+ if (PicRegex.test(matchWithoutParams)){
+ return "<a target='_blank' href='" + match + "'><img src='" + match + "'></a>"
+ } else {
+ return "<a target='_blank' href='" + match + "'>" + match + "</a>"
+ }
}
function buildMsgContent(content) {
- return linkify(content)
+ return linkify(content)
}
function buildMessageDiv(msg, isLoading) {
@@ -32,35 +32,35 @@ function buildMessageDiv(msg, isLoading) {
return '<div class="msgDiv ' + loadingClass + '" ' + msgId + '>'
+ '<b><a href="/u/' + nick + ' ">' + nick + '</a>: </b>'
+ buildMsgContent(msg.content)
- + '</div>';
+ + '</div>';
}
function buildUserDiv(user) {
if (user.avatar) {
return '<div class="username">'
- + '<a href="/u/' + escapeHtml(user.nick) + '" target="_blank">'
- + '<img src="' + user.avatar + '" width="50" height="50">'
- + escapeHtml(user.nick) + '</a></div>';
+ + '<a href="/u/' + escapeHtml(user.nick) + '" target="_blank">'
+ + '<img src="' + user.avatar + '" width="50" height="50">'
+ + escapeHtml(user.nick) + '</a></div>';
} else {
return '<div class="username">'
- + '<a href="/u/' + escapeHtml(user.nick) + '" target="_blank">'
- + escapeHtml(user.nick) + '</a></div>';
+ + '<a href="/u/' + escapeHtml(user.nick) + '" target="_blank">'
+ + escapeHtml(user.nick) + '</a></div>';
}
}
function buildGrowlDataAndPopDatShit(msg) {
- var nick = escapeHtml(msg.nick);
- nick = '<a href="/u/' + nick + ' " style="color:pink">' + nick + '</a>:'
- var msg = buildMsgContent(msg.content)
- growl(nick, msg)
+ var nick = escapeHtml(msg.nick);
+ nick = '<a href="/u/' + nick + ' " style="color:pink">' + nick + '</a>:'
+ var msg = buildMsgContent(msg.content)
+ growl(nick, msg)
}
function growl(user, msg) {
$.gritter.add({
- // (string | mandatory) the heading of the notification
- title: user,
- // (string | mandatory) the text inside the notification
- text: msg
+ // (string | mandatory) the heading of the notification
+ title: user,
+ // (string | mandatory) the text inside the notification
+ text: msg
});
}
@@ -89,19 +89,19 @@ function submitMessage() {
.removeClass('loading').addClass('loaded');
};
var onError = function(resp, textStatus, errorThrown) {
- div.remove();
+ div.remove();
handleMsgError(resp);
};
-
+
$.ajax({
- type: 'GET',
- timeout: 5000,
- url: '/msg',
- data: { 'room': Room, 'content': content },
- cache: false,
- dataType: 'json',
- success: onSuccess,
- error: onError
+ type: 'POST',
+ timeout: 5000,
+ url: '/msg',
+ data: { 'room': Room, 'content': content },
+ cache: false,
+ dataType: 'json',
+ success: onSuccess,
+ error: onError
});
}
@@ -147,9 +147,9 @@ function setUserList(users) {
function updateUI(msgs, users) {
if (window['growlize'] && msgs && msgs.length > 0) {
- $.map(msgs, buildGrowlDataAndPopDatShit)
+ $.map(msgs, buildGrowlDataAndPopDatShit)
} else if (msgs && msgs.length > 0) {
- addNewMessages(msgs);
+ addNewMessages(msgs);
}
if (users !== null) {
var flattened = users.sort().join(",")
@@ -226,30 +226,27 @@ function initProfile() {
t.html(buildMsgContent(t.text()));
});
- var onSubmit = function(original_element, edit, old) {
- edit = $.trim(edit);
- if (edit == old) { return old };
- // TODO: Prevent entering script tags
- if (original_element == 'avatar' && edit.indexOf("<") != -1) {
- return old;
- }
+ var onSubmit = function(attr, newVal, oldVal) {
+ newVal = $.trim(newVal);
+ if (newVal == oldVal) { return oldVal };
+
$.ajax({
- type: "GET",
+ type: "POST",
timeout: 5000,
url: "/update-profile",
- data: { 'attr': original_element, 'val': edit }
+ data: { 'attr': attr, 'val': newVal }
});
- if (original_element == 'avatar') {
- var s = '<img id="avatarPic" src="' + edit + '" width="150" />';
+ if (attr == 'avatar') {
+ var s = '<img id="avatarPic" src="' + newVal + '" width="150" />';
$('#avatarPic').replaceWith(s);
}
- return escapeHtml(edit);
+ return escapeHtml(newVal);
};
var opt = { 'default_text': 'Enter here!',
'callback': onSubmit,
'field_type': 'text',
- 'callbackShowErrors': false };
+ 'callbackShowErrors': false };
$('#avatar.editable').editInPlace(opt);
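Review bot: The removed guard against `<` in the avatar value has no replacement on the line that builds the preview image, `var s = '<img id="avatarPic" src="' + newVal + '" width="150" />';` — newVal goes into a double-quoted attribute unescaped, and the server-side escape-html only applies to the profile the server later renders, not to this immediate DOM insert. Use the file's own helper here as the return statement already does: `var s = '<img id="avatarPic" src="' + escapeHtml(newVal) + '" width="150" />';`. The preview is also written before the `/update-profile` request completes and the `$.ajax` call has no error handler, so a rejected update would leave the page showing a value the server did not accept; this is inferred, since the server handler is not in this diff. initProfile starts before this hunk.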
@@ -266,13 +263,14 @@ function initLog() {
}
+// TODO
function favoriteImage() {};
-function setupUpload(elementId, roomKey) {
+function setupUpload(elementId, roomKey) {
new AjaxUpload(elementId, {
action: '/upload',
autoSubmit: true,
name: 'image',
- data: { room: roomKey }
+ data: { room: roomKey }
});
} \ No newline at end of file
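Review bot: The added `// TODO` above favoriteImage does not say what is missing, and the function body is an empty block. Something like `// TODO: implement favoriteImage (currently an empty stub)` tells the next reader what the marker is for.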
diff --git a/static/js/register.js b/static/js/register.js
index 89a37fa..d8f9b6a 100755
--- a/static/js/register.js
+++ b/static/js/register.js
@@ -34,7 +34,7 @@ function submitRegistration() {
};
$.ajax({
- type: 'GET',
+ type: 'POST',
timeout: 5000,
url: 'submit-registration',
data: {'nick': nick, 'email': email, 'hash': hash },
diff --git a/template/profile.st b/template/profile.st
index c0c3bd1..f2c5723 100755
--- a/template/profile.st
+++ b/template/profile.st
@@ -54,15 +54,11 @@
$endif$
<h3>contact info</h3>
- <div id="contact" class="$if(is_home)$editable$else$linkify$endif$">
- $contact$
- </div>
+ <div id="contact" class="$if(is_home)$editable$else$linkify$endif$">$contact$</div>
<br>
<h3>personal info</h3>
- <div id="bio" class="$if(is_home)$editable$else$linkify$endif$">
- $bio$
- </div>
+ <div id="bio" class="$if(is_home)$editable$else$linkify$endif$">$bio$</div>
<br>
<div id="date">
<div type="text" id="datepicker"></div></div>