Changeset 30529


Timestamp:
05/12/16 16:48:10 (5 years ago)
Author:
ak19
Message:

Implementing Dr Bainbridge's solution to fix the external link I'd broken in order to make external links safe/secure from XSS.

Location:
main/trunk/greenstone2/macros
Files:
2 edited

  • main/trunk/greenstone2/macros/english2.dm

    r29382 r30529  
    154154_textextlinkcontent_ {The link you have selected is external to any of your currently selected collections.
    155155    If you still wish to view this link and your browser has access to
    156     the Web, you can <a href="_nexturl_">go forward</a> to this page; otherwise
    157     use your browsers "back" button to return to the previous document.}
     156    the Web, you can <a href="_nexturl_" onClick="follow\_escaped\_link(event, this.href)">go forward</a> to this page; otherwise
     157    use your browser's "back" button to return to the previous document.}
    158158
    159159_textlinknotfoundcontent_ {For reasons beyond our control, the internal link you have selected
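Review bot: The "go forward" link at new line 156 now works only through the onClick handler, since its href still carries the escaped _nexturl_ that the commit message describes as broken. With scripting disabled, or on a page where _extlinkscript_ is not emitted, the click follows that raw href. A short comment next to this macro pointing at the definition of the handler in extlink.dm, and saying why the underscores in follow\_escaped\_link are escaped, would stop a later edit from dropping either.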
     
    170170    If you wish to view this link in the "_2_" collection you can
    171171    <a href="_httpdoc_&amp;c=_1_&amp;cl=_cgiargclUrlsafe_&amp;d=_3_">go forward</a> to this page;
    172     otherwise use your browsers "back" button to return to the previous document.
     172    otherwise use your browser's "back" button to return to the previous document.
    173173}
    174174
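Review bot: The only change in this hunk, at line 172, is the apostrophe in "browser's", which is unrelated to the external-link fix named in the commit message. Putting wording fixes in a separate commit would keep the security-relevant change easier to audit.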
  • main/trunk/greenstone2/macros/extlink.dm

    r7343 r30529  
    11# this file must be UTF-8 encoded
    22
     3# If there are external links, call this function
     4_extlinkscript_ {
     5
     6function follow_escaped_link (event, the_url) \{
     7  //http://stackoverflow.com/questions/8614438/preventdefault-inside-onclick-attribute-of-a-tag
     8  event.preventDefault(); 
     9
     10  //http://stackoverflow.com/questions/747641/what-is-the-difference-between-decodeuricomponent-and-decodeuri
     11  the_url = decodeURIComponent(the_url);
     12  var lastIndex = the_url.lastIndexOf("http://");
     13  if(the_url.indexOf("http://") !== lastIndex) \{
     14    the_url = the_url.substring(lastIndex);
     15  \}
     16  location.href = the_url;
     17 
     18\}
     19
     20}
     21
    322package extlink
     23
     24# override this to include _extlinkscript_
     25_globalscripts_{
     26<script language="javascript" type="text/javascript">
     27_extlinkscript_
     28</script>
     29
     30}
    431
    532_header_ {_htmlhead_}
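Review bot: In follow_escaped_link (new lines 11 to 16) the decoded value is assigned to location.href with no check on its scheme, and the search at line 12 looks only for "http://". An https:// target is therefore never extracted from the wrapping URL, and a target that itself contains "http://" in its query string is cut down to that inner URL by lastIndexOf. Since this function undoes the escaping that was added for XSS safety, it should take the external URL from a known position rather than the last match, and assign it only when the result begins with http:// or https://. decodeURIComponent at line 11 also throws URIError on a malformed percent sequence, and because event.preventDefault() has already run at line 8 the click then does nothing; wrapping the decode in try/catch and falling back to the original href would cover that case.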