Got questions, comments, patches, etc.?
Contact Jason Woofenden
gitweb
/
peach-html5-editor.git
/ commitdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
| commitdiff |
tree
raw
|
patch
|
inline
| side by side (parent:
9e042b8
)
block bogus and javascripty attributes
author
Jason Woofenden
<jason@jasonwoof.com>
Sun, 13 Mar 2016 04:09:18 +0000
(23:09 -0500)
committer
Jason Woofenden
<jason@jasonwoof.com>
Sun, 13 Mar 2016 04:09:18 +0000
(23:09 -0500)
editor.coffee
patch
|
blob
|
history
diff --git
a/editor.coffee
b/editor.coffee
index
efc218f
..
b78f6a0
100644
(file)
--- a/
editor.coffee
+++ b/
editor.coffee
@@
-19,6
+19,11
@@
overlay_padding = 10
timeout = (ms, cb) -> return setTimeout cb, ms
timeout = (ms, cb) -> return setTimeout cb, ms
+# xml 1.0 says:
+valid_attr_regex = new RegExp '^[a-zA-Z_:][-a-zA-Z0-9_:.]*$'
+# html5 spec is much more lax, but chromium won't let me make at attribute with the name "4"
+js_attr_regex = new RegExp '^[oO][nN].'
+
debug_dot_at = (doc, x, y) ->
return # disabled
el = doc.createElement 'div'
debug_dot_at = (doc, x, y) ->
return # disabled
el = doc.createElement 'div'
@@
-301,7
+306,9
@@
instantiate_tree = (tree, parent) ->
c.el = parent.ownerDocument.createElement c.name
for k, v of c.attrs
# FIXME if attr_whitelist[k]?
c.el = parent.ownerDocument.createElement c.name
for k, v of c.attrs
# FIXME if attr_whitelist[k]?
- c.el.setAttribute k, v
+ if valid_attr_regex.test k
+ unless js_attr_regex.test k
+ c.el.setAttribute k, v
parent.appendChild c.el
if c.children.length
instantiate_tree c.children, c.el
parent.appendChild c.el
if c.children.length
instantiate_tree c.children, c.el