escaping more dangerous places

2020-04-23 19:55:52 +02:00 · 2020-04-23 19:55:52 +02:00 · d30c9d9d90
parent e0884a4eec
commit d30c9d9d90
9 changed files with 37 additions and 47 deletions
--- a/app/scripts/app.js
+++ b/app/scripts/app.js
@ -62,7 +62,8 @@ ready(() => {
            .catch(e => {
                Alerts.error({
                    header: Locale.appSettingsError,
-                    body: Locale.appNotSupportedError + '<br/><br/>' + e,
+                    body: Locale.appNotSupportedError,
+                    pre: e,
                    buttons: [],
                    esc: false,
                    enter: false,
@ -147,7 +148,7 @@ ready(() => {
                        esc: false,
                        enter: false,
                        click: false,
-                        body: Locale.appSecWarnBody1 + '<br/><br/>' + Locale.appSecWarnBody2,
+                        body: Locale.appSecWarnBody1 + '\n\n' + Locale.appSecWarnBody2,
                        buttons: [{ result: '', title: Locale.appSecWarnBtn, error: true }],
                        complete: () => {
                            showView();
--- a/app/scripts/comp/app/app-rights-checker.js
+++ b/app/scripts/comp/app/app-rights-checker.js
@ -38,10 +38,10 @@ const AppRightsChecker = {
            icon: 'lock',
            header: Locale.appRightsAlert,
            body:
-                Locale.appRightsAlertBody1.replace('{}', `<code>${this.AppPath}</code>`) +
-                '<br/>' +
-                Locale.appRightsAlertBody2 +
-                `: <pre>${command}</pre>`,
+                Locale.appRightsAlertBody1.replace('{}', this.AppPath) +
+                '\n' +
+                Locale.appRightsAlertBody2,
+            pre: command,
            buttons: [
                { result: 'skip', title: Locale.alertDoNotAsk, error: true },
                Alerts.buttons.ok
--- a/app/scripts/comp/format/otp-qr-reader.js
+++ b/app/scripts/comp/format/otp-qr-reader.js
@ -6,7 +6,6 @@ import { Otp } from 'util/data/otp';
 import { Features } from 'util/features';
 import { Locale } from 'util/locale';
 import { Logger } from 'util/logger';
-import { escape } from 'util/fn';

 const logger = new Logger('otp-qr-reader');

@ -53,7 +52,7 @@ class OtpQrReader {
                Locale.detSetupOtpAlertBody2.replace('{}', screenshotKey || ''),
                line3,
                Locale.detSetupOtpAlertBody4
-            ].join('<br/>'),
+            ].join('\n'),
            esc: '',
            click: '',
            enter: '',
@ -141,11 +140,8 @@ class OtpQrReader {
                    logger.error('Error parsing QR code', err);
                    Alerts.error({
                        header: Locale.detOtpQrWrong,
-                        body:
-                            Locale.detOtpQrWrongBody +
-                            '<pre class="modal__pre">' +
-                            escape(err.toString()) +
-                            '</pre>'
+                        body: Locale.detOtpQrWrongBody,
+                        pre: err.toString()
                    });
                }
            } catch (e) {
--- a/app/scripts/views/details/details-view.js
+++ b/app/scripts/views/details/details-view.js
@ -957,11 +957,8 @@ class DetailsView extends View {
    deleteFromTrash() {
        Alerts.yesno({
            header: Locale.detDelFromTrash,
-            body:
-                Locale.detDelFromTrashBody +
-                ' <p class="muted-color">' +
-                Locale.detDelFromTrashBodyHint +
-                '</p>',
+            body: Locale.detDelFromTrashBody,
+            hint: Locale.detDelFromTrashBodyHint,
            icon: 'minus-circle',
            success: () => {
                this.model.deleteFromTrash();
--- a/app/scripts/views/list-view.js
+++ b/app/scripts/views/list-view.js
@ -180,13 +180,13 @@ class ListView extends View {
    }

    createTemplate() {
-        if (!this.model.settings.templateHelpShown) {
+        if (!this.model.settings.templateHelpShown_) {
            Alerts.yesno({
                icon: 'sticky-note-o',
                header: Locale.listAddTemplateHeader,
                body:
-                    Locale.listAddTemplateBody1.replace('{}', '<i class="fa fa-plus"></i>') +
-                    '<br/>' +
+                    Locale.listAddTemplateBody1.replace('{}', '"+"') +
+                    '\n' +
                    Locale.listAddTemplateBody2.replace('{}', 'Templates'),
                buttons: [Alerts.buttons.ok, Alerts.buttons.cancel],
                success: () => {
--- a/app/scripts/views/modal-view.js
+++ b/app/scripts/views/modal-view.js
@ -29,7 +29,10 @@ class ModalView extends View {
    }

    render() {
-        super.render(this.model);
+        super.render({
+            ...this.model,
+            body: this.model.body ? this.model.body.toString().split('\n') : ''
+        });
        this.$el.addClass('modal--hidden');
        setTimeout(() => {
            this.$el.removeClass('modal--hidden');
--- a/app/scripts/views/open-view.js
+++ b/app/scripts/views/open-view.js
@ -17,7 +17,7 @@ import { Logger } from 'util/logger';
 import { InputFx } from 'util/ui/input-fx';
 import { OpenConfigView } from 'views/open-config-view';
 import { StorageFileListView } from 'views/storage-file-list-view';
-import { escape, omit } from 'util/fn';
+import { omit } from 'util/fn';
 import { GeneratorView } from 'views/generator-view';
 import template from 'templates/open.hbs';

@ -665,11 +665,8 @@ class OpenView extends View {
                }
                Alerts.error({
                    header: Locale.openError,
-                    body:
-                        Locale.openErrorDescription +
-                        '<pre class="modal__pre">' +
-                        escape(err.toString()) +
-                        '</pre>'
+                    body: Locale.openErrorDescription,
+                    pre: err.toString()
                });
            }
        } else {
@ -748,11 +745,8 @@ class OpenView extends View {
                if (err.lastIndexOf('OAuth', 0) !== 0 && !Alerts.alertDisplayed) {
                    Alerts.error({
                        header: Locale.openError,
-                        body:
-                            Locale.openListErrorBody +
-                            '<pre class="modal__pre">' +
-                            escape(err.toString()) +
-                            '</pre>'
+                        body: Locale.openListErrorBody,
+                        pre: err.toString()
                    });
                }
                return;
--- a/app/scripts/views/settings/settings-file-view.js
+++ b/app/scripts/views/settings/settings-file-view.js
@ -12,7 +12,7 @@ import { PasswordPresenter } from 'util/formatting/password-presenter';
 import { Locale } from 'util/locale';
 import { FileSaver } from 'util/ui/file-saver';
 import { OpenConfigView } from 'views/open-config-view';
-import { escape, omit } from 'util/fn';
+import { omit } from 'util/fn';
 import template from 'templates/settings/settings-file.hbs';

 const DefaultBackupPath = 'Backups/{name}.{date}.bak';
@ -240,8 +240,8 @@ class SettingsFileView extends View {
                                if (err) {
                                    Alerts.error({
                                        header: Locale.setFileSaveError,
-                                        body:
-                                            Locale.setFileSaveErrorBody + ' ' + path + ': \n' + err
+                                        body: Locale.setFileSaveErrorBody + ' ' + path + ':',
+                                        pre: err
                                    });
                                }
                            });
@ -344,10 +344,7 @@ class SettingsFileView extends View {
                if (existingFile) {
                    Alerts.yesno({
                        header: Locale.setFileAlreadyExists,
-                        body: Locale.setFileAlreadyExistsBody.replace(
-                            '{}',
-                            this.model.escape('name')
-                        ),
+                        body: Locale.setFileAlreadyExistsBody.replace('{}', this.model.name),
                        success: () => {
                            this.model.syncing = true;
                            storage.remove(existingFile.path, err => {
@ -599,11 +596,8 @@ class SettingsFileView extends View {
                    }
                    Alerts.error({
                        title,
-                        body:
-                            description +
-                            '<pre class="modal__pre">' +
-                            escape(err.toString()) +
-                            '</pre>'
+                        body: description,
+                        pre: err.toString()
                    });
                }
            });
--- a/app/templates/modal.hbs
+++ b/app/templates/modal.hbs
@ -1,9 +1,14 @@
 <div class="modal modal--hidden {{#if opaque}}modal--opaque{{/if}}">
    <div class="modal__content">
        <i class="modal__icon fa fa-{{icon}}"></i>
-        <div class="modal__header">{{{header}}}</div>
+        <div class="modal__header">{{header}}</div>
        <div class="modal__body">
-            {{{body}}}
+            {{#each body as |item|}}
+                {{item}}
+                {{#unless @last}}<br/>{{/unless}}
+            {{/each}}
+            {{#if pre}}<pre class="modal__pre">{{pre}}</pre>{{/if}}
+            {{#if hint}}<p class="muted-color">{{hint}}</p>{{/if}}
            {{#if checkbox}}
            <div class="modal__check-wrap"><input type="checkbox" id="modal__check" /><label for="modal__check">{{checkbox}}</label></div>
            {{/if}}