Merge pull request #11 from laszlof/master
Fix XSS vulnerability
uudashr committed Mar 15, 2016
2 parents 9053e5a + 9819f71 commit cb4baed
Showing 2 changed files with 32 additions and 34 deletions.
61 changes: 31 additions & 30 deletions jquery.linkify.js
Expand Up @@ -3,34 +3,33 @@ function linkify(string, buildHashtagUrl, includeW3, target, noFollow) {
if (noFollow) {
relNoFollow = " rel=\"nofollow\"";
}

string = string.replace(/((http|https|ftp)\:\/\/|\bw{3}\.)[a-z0-9\-\.]+\.[a-z]{2,3}(:[a-z0-9]*)?\/?([a-z\u00C0-\u017F0-9\-\._\?\,\'\/\\\+&%\$#\=~])*/gi, function(captured) {
var uri;
if (captured.toLowerCase().indexOf("www.") == 0) {
if (!includeW3) {
return captured;
}
uri = "http://" + captured;
} else {
uri = captured;
}
return "<a href=\"" + uri+ "\" target=\"" + target + "\"" + relNoFollow + ">" + captured + "</a>";
});


if (string.toLowerCase().indexOf("www.") === 0 && includeW3) {
string = '<a href="http://' + string + '" target="' + target + '"' + relNoFollow + '>' + string + '</a>';
} else {
string = '<a href="' + string + '" target="' + target + '"' + relNoFollow + '>' + string + '</a>';
}

if (buildHashtagUrl) {
string = string.replace(/\B#(\w+)/g, "<a href=" + buildHashtagUrl("$1") +" target=\"" + target + "\"" + relNoFollow + ">#$1</a>");
string = string.replace(/\B#(\w+)/g, '<a href=' + buildHashtagUrl("$1") + ' target="' + target + '"' + relNoFollow + '>#$1</a>');
}
return string;
}

(function($) {
$.fn.linkify = function(opts) {
return this.each(function() {
var $this = $(this);
var buildHashtagUrl;
var includeW3 = true;
var target = '_self';
var noFollow = true;
var regex = /((http|https|ftp)\:\/\/|\bw{3}\.)[a-z0-9\-\.]+\.[a-z]{2,3}(:[a-z0-9]*)?\/?([a-z\u00C0-\u017F0-9\-\._\?\,\'\/\\\+&amp;%\$#\=~])*/gi;
var txt = this.innerHTML;
var output = '';
var replacement;
var matchLen;
var lastIndex = 0;

if (opts) {
if (typeof opts == "function") {
buildHashtagUrl = opts;
Expand All @@ -49,18 +48,20 @@ function linkify(string, buildHashtagUrl, includeW3, target, noFollow) {
}
}
}
$this.html(
$.map(
$this.contents(),
function(n, i) {
if (n.nodeType == 3) {
return linkify(n.data, buildHashtagUrl, includeW3, target, noFollow);
} else {
return n.outerHTML;
}
}
).join("")
);

while ((match = regex.exec(txt)) !== null) {
matchLen = match[0].length;
replacement = linkify(match[0], buildHashtagUrl, includeW3, target, noFollow);
output += txt.substring(lastIndex, match.index + matchLen).replace(match[0], replacement);
lastIndex = match.index + matchLen;
}

// Include the rest of the text.
if (lastIndex !== txt.length) {
output += txt.substring(lastIndex);
}

$(this).html(output);
});
}
})(jQuery);
};
})(jQuery);
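Review bot: The `while ((match = regex.exec(txt)) !== null)` loop scans `this.innerHTML`, so a URL that already sits inside markup (the `href` of an existing link, the `src` of an image) is matched and wrapped in a second `<a>`, which corrupts the attribute it was in. The `$.map` over `$this.contents()` shown in this section passed only text nodes (`nodeType == 3`) to `linkify`; the page does not mark which side each line is on, but the `innerHTML` version appears to be the new one. I would keep the per-text-node walk and HTML-escape every text segment before it is concatenated, as sketched below. The sketch also declares `match`, which the visible `var` list leaves out, so it would otherwise be assigned as an implicit global. The option parsing between the two hunks is collapsed on this page, so this assumes nothing there re-declares these names.

```javascript
// … unchanged: defaults and option parsing …

// Serialise text through a detached element so <, > and & are escaped.
var escapeHtml = function(text) {
    return $('<div>').text(text).html();
};

$this.contents().each(function() {
    if (this.nodeType !== 3) {
        return; // existing elements and their attributes stay untouched
    }
    var text = this.data;
    var html = '';
    var last = 0;
    var match;
    regex.lastIndex = 0; // the /g regex is stateful across nodes
    while ((match = regex.exec(text)) !== null) {
        html += escapeHtml(text.substring(last, match.index));
        html += linkify(escapeHtml(match[0]), buildHashtagUrl, includeW3, target, noFollow);
        last = regex.lastIndex;
    }
    if (last === 0) {
        return; // no URL in this text node
    }
    html += escapeHtml(text.substring(last));
    $(this).replaceWith(html);
});
```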
5 changes: 1 addition & 4 deletions jquery.linkify.min.js

