Timestamp:
12.05.2016 16:48:10 (4 years ago)
Author:
ak19
Message:

Implementing Dr Bainbridge's solution to fix the external link I'd broken in order to make external links safe/secure from XSS.

Location:
main/trunk/greenstone2/macros
Files:
2 modified

  • main/trunk/greenstone2/macros/english2.dm

    r29382 r30529  
    154154_textextlinkcontent_ {The link you have selected is external to any of your currently selected collections. 
    155155    If you still wish to view this link and your browser has access to  
    156     the Web, you can <a href="_nexturl_">go forward</a> to this page; otherwise  
    157     use your browsers "back" button to return to the previous document.} 
     156    the Web, you can <a href="_nexturl_" onClick="follow\_escaped\_link(event, this.href)">go forward</a> to this page; otherwise  
     157    use your browser's "back" button to return to the previous document.} 
    158158 
    159159_textlinknotfoundcontent_ {For reasons beyond our control, the internal link you have selected  
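Review bot: the onClick added to the "go forward" anchor (new line 156) repairs the link only when script runs, because href="_nexturl_" itself is left unchanged. With scripting disabled, or on any page that renders _textextlinkcontent_ without the _globalscripts_ override from package extlink, the browser still follows the escaped URL this commit is meant to fix. Consider emitting a usable value in the href and keeping the handler as a fallback, or at least add a comment next to the macro stating that it depends on _extlinkscript_ being loaded.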
     
    170170    If you wish to view this link in the "_2_" collection you can  
    171171    <a href="_httpdoc_&amp;c=_1_&amp;cl=_cgiargclUrlsafe_&amp;d=_3_">go forward</a> to this page;  
    172     otherwise use your browsers "back" button to return to the previous document. 
     172    otherwise use your browser's "back" button to return to the previous document. 
    173173} 
    174174 
  • main/trunk/greenstone2/macros/extlink.dm

    r7343 r30529  
    11# this file must be UTF-8 encoded 
    22 
     3# If there are external links, call this function 
     4_extlinkscript_ { 
     5 
     6function follow_escaped_link (event, the_url) \{ 
     7  //http://stackoverflow.com/questions/8614438/preventdefault-inside-onclick-attribute-of-a-tag 
     8  event.preventDefault();   
     9 
     10  //http://stackoverflow.com/questions/747641/what-is-the-difference-between-decodeuricomponent-and-decodeuri 
     11  the_url = decodeURIComponent(the_url); 
     12  var lastIndex = the_url.lastIndexOf("http://"); 
     13  if(the_url.indexOf("http://") !== lastIndex) \{ 
     14    the_url = the_url.substring(lastIndex); 
     15  \} 
     16  location.href = the_url; 
     17   
     18\} 
     19 
     20} 
     21 
    322package extlink 
     23 
     24# override this to include _extlinkscript_ 
     25_globalscripts_{ 
     26<script language="javascript" type="text/javascript"> 
     27_extlinkscript_ 
     28</script> 
     29 
     30} 
    431 
    532_header_ {_htmlhead_}
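Review bot: follow_escaped_link assigns the decoded string to location.href (new lines 11-16) without checking its scheme. Since the purpose of the change is XSS-safe external links, the function should confirm after decoding that the_url starts with http:// or https:// and refuse to navigate otherwise. Two further points in the same function: the prefix search only looks for "http://", so an https:// target is never trimmed, and lastIndexOf cuts into a legitimate target whose own query string contains "http://", so taking the second occurrence rather than the last would be safer. Also, decodeURIComponent throws on a malformed percent sequence after event.preventDefault() has already run, which leaves the link dead; wrap the decode in try/catch or call preventDefault only once the URL has been validated. A short comment explaining why the URL can contain "http://" twice would help the next reader.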