properly sanitizing style attrs
parent
0b0829eebd
commit
5be8246a20
|
@ -77,7 +77,6 @@ MD.Import = function(){
|
|||
|
||||
function loadSvgString(str, callback) {
|
||||
var success = svgCanvas.setSvgString(str) !== false;
|
||||
|
||||
callback = callback || $.noop;
|
||||
if(success) {
|
||||
callback(true);
|
||||
|
|
|
@ -144,12 +144,12 @@ svgedit.sanitize.sanitizeSvg = function(node) {
|
|||
// we only care about element nodes
|
||||
// automatically return for all comment, etc nodes
|
||||
// for text, we do a whitespace trim
|
||||
if (node.nodeType == 3) {
|
||||
if (node.nodeType === 3) {
|
||||
node.nodeValue = node.nodeValue.replace(/^\s+|\s+$/g, "");
|
||||
// Remove empty text nodes
|
||||
if(!node.nodeValue.length) node.parentNode.removeChild(node);
|
||||
}
|
||||
if (node.nodeType != 1) return;
|
||||
if (node.nodeType !== 1) return;
|
||||
|
||||
var doc = node.ownerDocument;
|
||||
var parent = node.parentNode;
|
||||
|
@ -161,7 +161,6 @@ svgedit.sanitize.sanitizeSvg = function(node) {
|
|||
|
||||
// if this element is allowed
|
||||
if (allowedAttrs != undefined) {
|
||||
|
||||
var se_attrs = [];
|
||||
|
||||
var i = node.attributes.length;
|
||||
|
@ -201,16 +200,17 @@ svgedit.sanitize.sanitizeSvg = function(node) {
|
|||
}
|
||||
|
||||
// for the style attribute, rewrite it in terms of XML presentational attributes
|
||||
if (attrName == "style") {
|
||||
var props = attr.nodeValue.replace(' ', '').split(";"),
|
||||
p = props.length;
|
||||
while(p--) {
|
||||
var nv = props[p].split(":");
|
||||
// now check that this attribute is supported
|
||||
if (allowedAttrs.indexOf(nv[0]) >= 0) {
|
||||
node.setAttribute(nv[0],nv[1]);
|
||||
}
|
||||
}
|
||||
if (attrName === "style") {
|
||||
const props = attr.nodeValue
|
||||
.split(";")
|
||||
.map(prop => prop.trim())
|
||||
.filter(Boolean)
|
||||
.forEach(prop => {
|
||||
var nv = prop.split(":");
|
||||
if (allowedAttrs.indexOf(nv[0]) >= 0) {
|
||||
node.setAttribute(nv[0],nv[1]);
|
||||
}
|
||||
})
|
||||
node.removeAttribute('style');
|
||||
}
|
||||
}
|
||||
|
|
|
@ -5754,29 +5754,22 @@ this.styleToAttr = function(doc) {
|
|||
// Returns:
|
||||
// This function returns false if the set was unsuccessful, true otherwise.
|
||||
this.setSvgString = function(xmlString) {
|
||||
console.log("opened")
|
||||
try {
|
||||
// convert string into XML document
|
||||
var newDoc = svgedit.utilities.text2xml(xmlString);
|
||||
this.prepareSvg(newDoc);
|
||||
|
||||
var batchCmd = new BatchCommand("Change Source");
|
||||
|
||||
this.prepareSvg(newDoc);
|
||||
newDoc = this.styleToAttr(newDoc);
|
||||
|
||||
|
||||
// remove old svg document
|
||||
var nextSibling = svgcontent.nextSibling;
|
||||
var oldzoom = svgroot.removeChild(svgcontent);
|
||||
batchCmd.addSubCommand(new RemoveElementCommand(oldzoom, nextSibling, svgroot));
|
||||
|
||||
// set new svg document
|
||||
// If DOM3 adoptNode() available, use it. Otherwise fall back to DOM2 importNode()
|
||||
if(svgdoc.adoptNode) {
|
||||
svgcontent = svgdoc.adoptNode(newDoc.documentElement);
|
||||
}
|
||||
else {
|
||||
svgcontent = svgdoc.importNode(newDoc.documentElement, true);
|
||||
}
|
||||
|
||||
svgcontent = svgdoc.adoptNode(newDoc.documentElement);
|
||||
|
||||
svgroot.appendChild(svgcontent);
|
||||
var content = $(svgcontent);
|
||||
|
|
Loading…
Reference in New Issue