loleaflet/src/layer/marker/Annotation.js | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-)
New commits: commit 69d7e374bed61e142664345ddf40d0d30ef2b3af Author: Pranav Kant <pran...@collabora.co.uk> Date: Tue Jun 6 18:21:24 2017 +0530 Allow links in comments Change-Id: I033ab7fe09ece8da10bc61fc2102cce80c1e24b0 (cherry picked from commit 5e9ed0c8cb9ced0854286a9ad51e0ec763360a0a) Reviewed-on: https://gerrit.libreoffice.org/38449 Reviewed-by: Jan Holesovsky <ke...@collabora.com> Tested-by: Jan Holesovsky <ke...@collabora.com>
diff --git a/loleaflet/src/layer/marker/Annotation.js b/loleaflet/src/layer/marker/Annotation.js
index 8b3e0653..e60c4379 100644
--- a/loleaflet/src/layer/marker/Annotation.js
+++ b/loleaflet/src/layer/marker/Annotation.js
@@ -286,8 +286,14 @@ L.Annotation = L.Layer.extend({
 },
 _updateContent: function () {
- var linkedText = Autolinker.link(this._data.text);
- $(this._contentText).text(linkedText);
+ // .text() method will escape the string, does not interpret the string as HTML
+ $(this._contentText).text(this._data.text);
+ // Get the escaped HTML out and find for possible, useful links
+ var linkedText = Autolinker.link($(this._contentText).html());
+ // Set the property of text field directly. This is insecure otherwise because it doesn't escape the input
+ // But we have already escaped the input before and only thing we are adding on top of that is Autolinker
+ // generated text.
+ this._contentText.innerHTML = linkedText;
 // Original unlinked text
 this._contentText.origText = this._data.text;
 $(this._nodeModifyText).text(this._data.text);
_______________________________________________ Libreoffice-commits mailing list libreoffice-comm...@lists.freedesktop.org https://lists.freedesktop.org/mailman/listinfo/libreoffice-commits
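Review bot: The `innerHTML` assignment at the end of the added lines is safe only as long as Autolinker emits nothing but its own anchor markup around the already-escaped text, and the comments above it do not state that dependency. The `.text()`/`.html()` round trip escapes `&`, `<` and `>` but leaves `"` and `'` unchanged, so attribute safety of the generated `<a href="…">` rests on Autolinker's own output handling, which this hunk does not show. I would replace the three-line comment above the assignment with `// SECURITY: input is escaped via .text()/.html() (&, <, > only); quote handling inside the generated <a> is Autolinker's job, re-check on every Autolinker upgrade`. `_updateContent` continues past the end of the hunk, so any later use of `linkedText` is not visible here.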