Enter a new title for this album: ${ input }
` else msg = `Enter a title for all ${ albumIDs.length } selected albums: ${ input }
` @@ -327,9 +323,6 @@ album.setDescription = function(albumID) { basicModal.close() - // Remove html from input - description = lychee.removeHTML(description) - if (visible.album()) { album.json.description = description view.album.description() @@ -349,7 +342,7 @@ album.setDescription = function(albumID) { } basicModal.show({ - body: `Please enter a description for this album:
`, + body: `Please enter a description for this album:
`, buttons: { action: { title: 'Set Description', diff --git a/src/scripts/lychee.js b/src/scripts/lychee.js index a60bbb8..a92e62d 100644 --- a/src/scripts/lychee.js +++ b/src/scripts/lychee.js @@ -312,15 +312,6 @@ lychee.animate = function(obj, animation) { } -lychee.escapeHTML = function(s) { - - return s.replace(/&/g, '&') - .replace(/"/g, '"') - .replace(//g, '>') - -} - lychee.retinize = function(path = '') { let pixelRatio = window.devicePixelRatio, @@ -385,14 +376,19 @@ lychee.getEventName = function() { } -lychee.removeHTML = function(html = '') { +lychee.escapeHTML = function(html = '') { - if (html==='') return html + // Ensure that html is a string + html += '' - let tmp = document.createElement('DIV') - tmp.innerHTML = html + // Escape all critical characters + html = html.replace(/&/g, '&') + .replace(//g, '>') + .replace(/"/g, '"') + .replace(/'/g, ''') - return (tmp.textContent || tmp.innerText) + return html } diff --git a/src/scripts/photo.js b/src/scripts/photo.js index b1cc1f0..31c47d9 100644 --- a/src/scripts/photo.js +++ b/src/scripts/photo.js @@ -285,7 +285,6 @@ photo.setTitle = function(photoIDs) { // Get old title if only one photo is selected if (photo.json) oldTitle = photo.json.title else if (album.json) oldTitle = album.json.content[photoIDs].title - oldTitle = oldTitle.replace(/'/g, ''') } @@ -295,9 +294,6 @@ photo.setTitle = function(photoIDs) { let newTitle = data.title - // Remove html from input - newTitle = lychee.removeHTML(newTitle) - if (visible.photo()) { photo.json.title = (newTitle==='' ? 'Untitled' : newTitle) view.photo.title() @@ -321,7 +317,7 @@ photo.setTitle = function(photoIDs) { } - let input = `` + let input = `` if (photoIDs.length===1) msg = `Enter a new title for this photo: ${ input }
` else msg = `Enter a title for all ${ photoIDs.length } selected photos: ${ input }
` @@ -465,7 +461,7 @@ photo.setPublic = function(photoID, e) { photo.setDescription = function(photoID) { - let oldDescription = photo.json.description.replace(/'/g, ''') + let oldDescription = photo.json.description const action = function(data) { @@ -473,9 +469,6 @@ photo.setDescription = function(photoID) { let description = data.description - // Remove html from input - description = lychee.removeHTML(description) - if (visible.photo()) { photo.json.description = description view.photo.description() @@ -495,7 +488,7 @@ photo.setDescription = function(photoID) { } basicModal.show({ - body: `Enter a description for this photo:
`, + body: `Enter a description for this photo:
`, buttons: { action: { title: 'Set Description', @@ -571,9 +564,6 @@ photo.setTags = function(photoIDs, tags) { tags = tags.replace(/(\ ,\ )|(\ ,)|(,\ )|(,{1,}\ {0,})|(,$|^,)/g, ',') tags = tags.replace(/,$|^,|(\ ){0,}$/g, '') - // Remove html from input - tags = lychee.removeHTML(tags) - if (visible.photo()) { photo.json.tags = tags view.photo.tags()