Fitering <script> tag from chat messages

(ActionItem1730)

Fitering <script> tag from chat messages
(ActionItem1730)
Joenio Costa · Antonio Terceiro
1 parent 1abc299e
Showing 2 changed files with 2 additions and 1 deletions Show diff stats
app/views/layouts/chat.rhtml
public/javascripts/chat.js
@@ -5,7 +5,7 @@
     <meta http-equiv="Content-Type" content="text/html; charset=utf-8"/>
     <meta name="description" content="<%= @environment.name %>" />
     <link rel="shortcut icon" href="<%= image_path(theme_favicon) %>" type="image/x-icon" />
-    <%= javascript_include_tag 'jquery-latest', 'jquery.noconflict', 'jquery-ui-1.8.2.custom.min', 'jquery.scrollTo', 'jquery.scrollabletab', 'strophejs-1.0.1/strophe', 'jquery.emoticon', '/designs/icons/pidgin/emoticons.js', 'ba-linkify', 'jquery.ba-hashchange', 'jquery.sound', 'application', 'chat', :cache => 'cache-chat' %>
+    <%= javascript_include_tag 'prototype', 'jquery-latest', 'jquery.noconflict', 'jquery-ui-1.8.2.custom.min', 'jquery.scrollTo', 'jquery.scrollabletab', 'strophejs-1.0.1/strophe', 'jquery.emoticon', '/designs/icons/pidgin/emoticons.js', 'ba-linkify', 'jquery.ba-hashchange', 'jquery.sound', 'application', 'chat', :cache => 'cache-chat' %>
     <%= stylesheet_link_tag noosfero_stylesheets, :cache => 'cache' %>
     <%= stylesheet_link_tag icon_theme_stylesheet_path %>
     <%= stylesheet_link_tag theme_stylesheet_path %>
@@ -499,6 +499,7 @@ jQuery(function($) {
      if (e.keyCode == 13) {
         var jid = $(this).attr('data-to');
         var body = $(this).val();
+        body = body.stripScripts();
         Jabber.deliver_message(jid, body);
         $(this).val('');
         return false;
...	...	@@ -5,7 +5,7 @@
5	5	<meta http-equiv="Content-Type" content="text/html; charset=utf-8"/>
6	6	<meta name="description" content="<%= @environment.name %>" />
7	7	<link rel="shortcut icon" href="<%= image_path(theme_favicon) %>" type="image/x-icon" />
8		- <%= javascript_include_tag 'jquery-latest', 'jquery.noconflict', 'jquery-ui-1.8.2.custom.min', 'jquery.scrollTo', 'jquery.scrollabletab', 'strophejs-1.0.1/strophe', 'jquery.emoticon', '/designs/icons/pidgin/emoticons.js', 'ba-linkify', 'jquery.ba-hashchange', 'jquery.sound', 'application', 'chat', :cache => 'cache-chat' %>
	8	+ <%= javascript_include_tag 'prototype', 'jquery-latest', 'jquery.noconflict', 'jquery-ui-1.8.2.custom.min', 'jquery.scrollTo', 'jquery.scrollabletab', 'strophejs-1.0.1/strophe', 'jquery.emoticon', '/designs/icons/pidgin/emoticons.js', 'ba-linkify', 'jquery.ba-hashchange', 'jquery.sound', 'application', 'chat', :cache => 'cache-chat' %>
9	9	<%= stylesheet_link_tag noosfero_stylesheets, :cache => 'cache' %>
10	10	<%= stylesheet_link_tag icon_theme_stylesheet_path %>
11	11	<%= stylesheet_link_tag theme_stylesheet_path %>
...	...
...	...	@@ -499,6 +499,7 @@ jQuery(function($) {
499	499	if (e.keyCode == 13) {
500	500	var jid = $(this).attr('data-to');
501	501	var body = $(this).val();
	502	+ body = body.stripScripts();
502	503	Jabber.deliver_message(jid, body);
503	504	$(this).val('');
504	505	return false;
...	...