Merge pull request #1308 from sharelatex/spd-open-in-overleaf-form-character-encoding

Open in Overleaf: Fix character-encoding problems when passing content via 'snip' parameter GitOrigin-RevId: d5d9faef8583696dfe7c94e4b5dfd88fc5bf6f4a
2024-09-16 02:52:31 -04:00 · 2019-01-03 10:01:06 +00:00 · 2019-01-03 10:01:06 +00:00 · df2dd2cb80
commit df2dd2cb80
parent 93bf6fcb19
2 changed files with 22 additions and 0 deletions
--- a/services/web/app/coffee/Features/Helpers/StringHelper.coffee
+++ b/services/web/app/coffee/Features/Helpers/StringHelper.coffee
@ -0,0 +1,18 @@
+JSON_ESCAPE_REGEXP = /[\u2028\u2029&><]/g
+
+JSON_ESCAPE =
+	'&': '\\u0026'
+	'>': '\\u003e'
+	'<': '\\u003c'
+	'\u2028': '\\u2028'
+	'\u2029': '\\u2029'
+
+module.exports = StringHelper =
+	# stringifies and escapes a json object for use in a script. This ensures that &, < and > characters are escaped,
+	# along with quotes. This ensures that the string can be safely rendered into HTML. See rationale at:
+	# https://api.rubyonrails.org/classes/ERB/Util.html#method-c-json_escape
+	# and implementation lifted from:
+	# https://github.com/ember-fastboot/fastboot/blob/cafd96c48564d8384eb83dc908303dba8ece10fd/src/ember-app.js#L496-L510
+	stringifyJsonForScript: (object) ->
+		return JSON.stringify(object).replace JSON_ESCAPE_REGEXP, (match) ->
+			return JSON_ESCAPE[match]
--- a/services/web/app/coffee/infrastructure/ExpressLocals.coffee
+++ b/services/web/app/coffee/infrastructure/ExpressLocals.coffee
@ -226,6 +226,10 @@ module.exports = (app, webRouter, privateApiRouter, publicApiRouter)->
 			return email
 		next()

+	webRouter.use (req, res, next) ->
+		res.locals.StringHelper = require('../Features/Helpers/StringHelper')
+		next()
+
 	webRouter.use (req, res, next)->
 		res.locals.formatProjectPublicAccessLevel = (privilegeLevel)->
 			formatedPrivileges = private:"Private", readOnly:"Public: Read Only", readAndWrite:"Public: Read and Write"