Cavemanon/piratepoet
7
Fork 0
Code Pull Requests Actions Releases 16 Activity

- Updates import to santize user input

Browse Source
This commit is contained in:
Vlad
2016-03-15 13:06:21 -04:00
parent a1441dfde6
commit 74254d7e2a
3 changed files with 8 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
assets/js/src/subscribers/importExport/import.js
View File

@@ -7,7 +7,8 @@ define(
'handlebars', 'handlebars',
'papaparse', 'papaparse',
'select2', 'select2',
'asyncqueue' 'asyncqueue',
'xss'
], ],
function ( function (
Backbone, Backbone,
@@ -16,7 +17,8 @@ define(
MailPoet, MailPoet,
Handlebars, Handlebars,
Papa, Papa,
AsyncQueue AsyncQueue,
xss
) { ) {
if (!jQuery('#mailpoet_subscribers_import').length) { if (!jQuery('#mailpoet_subscribers_import').length) {
return; return;
@@ -355,7 +357,7 @@ define(
complete: function (CSV) { complete: function (CSV) {
for (var rowCount in CSV.data) { for (var rowCount in CSV.data) {
var rowData = CSV.data[rowCount].map(function (el) { var rowData = CSV.data[rowCount].map(function (el) {
return el.trim(); return filterXSS(el.trim());
}), }),
rowColumnCount = rowData.length; rowColumnCount = rowData.length;
// set the number of row elements based on the first non-empty row // set the number of row elements based on the first non-empty row

3
package.json
View File

@@ -34,7 +34,8 @@
"spectrum-colorpicker": "^1.6.2", "spectrum-colorpicker": "^1.6.2",
"tinymce": "4.1.10", "tinymce": "4.1.10",
"underscore": "1.8.3", "underscore": "1.8.3",
"velocity-animate": "1.2.3" "velocity-animate": "1.2.3",
"xss": "^0.2.10"
}, },
"devDependencies": { "devDependencies": {
"expose-loader": "latest", "expose-loader": "latest",

2
views/subscribers/importExport/import/step2.html
View File

@@ -126,7 +126,7 @@
</td> </td>
{{#.}} {{#.}}
<td> <td>
{{{this}}} {{this}}
</td> </td>
{{/.}} {{/.}}
</tr> </tr>