Ignore:
Timestamp:
2016-05-12T16:48:10+12:00 (8 years ago)
Author:
ak19
Message:

Implementing Dr Bainbridge's solution to fix the external link I'd broken in order to make external links safe/secure from XSS.

File:
1 edited

Legend:

Unmodified
Added
Removed

  • main/trunk/greenstone2/macros/extlink.dm

    r7343 r30529  
    11# this file must be UTF-8 encoded
    22
     3# If there are external links, call this function
     4_extlinkscript_ {
     5
     6function follow_escaped_link (event, the_url) \{
     7  //http://stackoverflow.com/questions/8614438/preventdefault-inside-onclick-attribute-of-a-tag
     8  event.preventDefault(); 
     9
     10  //http://stackoverflow.com/questions/747641/what-is-the-difference-between-decodeuricomponent-and-decodeuri
     11  the_url = decodeURIComponent(the_url);
     12  var lastIndex = the_url.lastIndexOf("http://");
     13  if(the_url.indexOf("http://") !== lastIndex) \{
     14    the_url = the_url.substring(lastIndex);
     15  \}
     16  location.href = the_url;
     17 
     18\}
     19
     20}
     21
    322package extlink
     23
     24# override this to include _extlinkscript_
     25_globalscripts_{
     26<script language="javascript" type="text/javascript">
     27_extlinkscript_
     28</script>
     29
     30}
    431
    532_header_ {_htmlhead_}
Note: See TracChangeset for help on using the changeset viewer.