Cavemanon/piratepoet
8
Fork 0
Code Pull Requests Actions Releases 16 Activity

Escape values in Button block template

Browse Source 
[MAILPOET-5235]
This commit is contained in:
Brezo Cordero
2023-04-14 21:50:40 -05:00
committed by Aschepikov
parent b3e836548c
commit f54e18ca44
2 changed files with 18 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

17
mailpoet/assets/js/src/handlebars_helpers.js
View File

@@ -159,6 +159,23 @@ Handlebars.registerHelper('getNumber', function getNumberHelper(string) {
return parseInt(string, 10); return parseInt(string, 10);
}); });
Handlebars.registerHelper('escapeURL', function escapeURLHelper(url) {
if (!url) {
return '';
}
try {
const escapedURL = new URL(url);
// eslint-disable-next-line no-script-url
if (escapedURL.protocol === 'javascript:') {
return '';
}
return escapedURL.href;
} catch (e) {
return '';
}
});
Handlebars.registerHelper( Handlebars.registerHelper(
'fontWithFallback', 'fontWithFallback',
function fontWithFallbackHelper(font) { function fontWithFallbackHelper(font) {

2
mailpoet/views/newsletter/templates/blocks/button/block.hbs
View File

@@ -1,5 +1,5 @@
<div class="mailpoet_tools"></div> <div class="mailpoet_tools"></div>
<div class="mailpoet_content"> <div class="mailpoet_content">
<a href="{{ model.url }}" class="mailpoet_editor_button" style="{{#ifCond model.styles.block.textAlign '==' 'left'}}margin: 0 auto 0 0; {{/ifCond}}{{#ifCond model.styles.block.textAlign '==' 'center'}}margin: auto; {{/ifCond}}{{#ifCond model.styles.block.textAlign '==' 'right'}}margin: 0 0 0 auto; {{/ifCond}}line-height: {{ model.styles.block.lineHeight }}; width: {{ model.styles.block.width }}; background-color: {{ model.styles.block.backgroundColor }}; color: {{ model.styles.block.fontColor }}; font-family: {{fontWithFallback model.styles.block.fontFamily }}; font-size: {{ model.styles.block.fontSize }}; font-weight: {{ model.styles.block.fontWeight }}; border: {{ model.styles.block.borderWidth }} {{ model.styles.block.borderStyle }} {{ model.styles.block.borderColor }}; border-radius: {{ model.styles.block.borderRadius }};" onClick="return false;">{{ model.text }}</a> <a href="{{escapeURL model.url}}" class="mailpoet_editor_button" style="{{#ifCond model.styles.block.textAlign '==' 'left'}}margin: 0 auto 0 0; {{/ifCond}}{{#ifCond model.styles.block.textAlign '==' 'center'}}margin: auto; {{/ifCond}}{{#ifCond model.styles.block.textAlign '==' 'right'}}margin: 0 0 0 auto; {{/ifCond}}line-height: {{ model.styles.block.lineHeight }}; width: {{ model.styles.block.width }}; background-color: {{ model.styles.block.backgroundColor }}; color: {{ model.styles.block.fontColor }}; font-family: {{fontWithFallback model.styles.block.fontFamily }}; font-size: {{ model.styles.block.fontSize }}; font-weight: {{ model.styles.block.fontWeight }}; border: {{ model.styles.block.borderWidth }} {{ model.styles.block.borderStyle }} {{ model.styles.block.borderColor }}; border-radius: {{ model.styles.block.borderRadius }};" onClick="return false;">{{ model.text }}</a>
</div> </div>
<div class="mailpoet_block_highlight"></div> <div class="mailpoet_block_highlight"></div>