Commit 3ec3cf64 by vkaracic

Added sanitization of id names

This is a fix for
https://openedx.atlassian.net/browse/TNL-394
escaped all escapable characters in id name strings.
parent f9cb0924
...@@ -14,6 +14,12 @@ define(['backbone', 'jquery', 'js/staff_debug_actions'], ...@@ -14,6 +14,12 @@ define(['backbone', 'jquery', 'js/staff_debug_actions'],
}); });
}); });
describe('sanitize_string', function () {
it('escapes escapable characters in a string', function () {
expect(StaffDebug.sanitized_string('.*+?^:${}()|][')).toBe('\\.\\*\\+\\?\\^\\:\\$\\{\\}\\(\\)\\|\\]\\[');
});
});
describe('get_user', function () { describe('get_user', function () {
it('gets the placeholder username if input field is empty', function () { it('gets the placeholder username if input field is empty', function () {
......
...@@ -11,7 +11,12 @@ var StaffDebug = (function(){ ...@@ -11,7 +11,12 @@ var StaffDebug = (function(){
return url; return url;
} }
sanitized_string = function(string) {
return string.replace(/[.*+?^:${}()|[\]\\]/g, "\\$&");
}
get_user = function(locname){ get_user = function(locname){
locname = sanitized_string(locname);
var uname = $('#sd_fu_' + locname).val(); var uname = $('#sd_fu_' + locname).val();
if (uname==""){ if (uname==""){
uname = $('#sd_fu_' + locname).attr('placeholder'); uname = $('#sd_fu_' + locname).attr('placeholder');
...@@ -108,7 +113,8 @@ var StaffDebug = (function(){ ...@@ -108,7 +113,8 @@ var StaffDebug = (function(){
do_idash_action: do_idash_action, do_idash_action: do_idash_action,
get_current_url: get_current_url, get_current_url: get_current_url,
get_url: get_url, get_url: get_url,
get_user: get_user get_user: get_user,
sanitized_string:sanitized_string
} }
})(); })();
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment