From a03bf95893b4f80bd03eddbb83fb1565ff6830b7 Mon Sep 17 00:00:00 2001
From: Timothy Lim
Date: Sat, 16 Apr 2016 22:44:04 +0100
Subject: [PATCH 1/3] Create function for escaping special characters
---
 js/flashcards.js | 11 +++++++++++
 library.json | 2 +-
 2 files changed, 12 insertions(+), 1 deletion(-)
diff --git a/js/flashcards.js b/js/flashcards.js
index e0eff97..33da6d9 100644
--- a/js/flashcards.js
+++ b/js/flashcards.js
@@ -153,6 +153,7 @@ H5P.Flashcards = (function ($) {
 }
 var correct = correctAnswer.toLowerCase().split('/');
 var userAnswer = H5P.trim($input.val()).toLowerCase();
+ userAnswer = escapeHtml(userAnswer);
 var userCorrect = false;
 for (var i = 0; i < correct.length; i++) {
 if (H5P.trim(correct[i]) === userAnswer) {
@@ -198,6 +199,16 @@ H5P.Flashcards = (function ($) {
 if (index === 0) {
 this.setCurrent($card);
 }
+
+ // Escape special html characters
+ function escapeHtml(unsafe) {
+ return unsafe
+ .replace(/&/g, "&")
+ .replace(//g, ">")
+ .replace(/"/g, """)
+ .replace(/'/g, "'");
+ }
 };
 C.prototype.setProgress = function () {
diff --git a/library.json b/library.json
index e27dd58..e1ccc8e 100644
--- a/library.json
+++ b/library.json
@@ -3,7 +3,7 @@
 "description": "Create cards where the user has to guess the answer.",
 "majorVersion": 1,
 "minorVersion": 2,
- "patchVersion": 3,
+ "patchVersion": 4,
 "runnable": 1,
 "author": "Joubel AS",
 "coreApi": {
From 7c9bbcd80a3f91a1a24fa1fbdccc96b0e82cfa08 Mon Sep 17 00:00:00 2001
From: Timothy Lim
Date: Sat, 16 Apr 2016 22:48:46 +0100
Subject: [PATCH 2/3] Update flashcards.js
---
 js/flashcards.js | 21 ++++++++++++---------
 1 file changed, 12 insertions(+), 9 deletions(-)
diff --git a/js/flashcards.js b/js/flashcards.js
index 33da6d9..e0eaccd 100644
--- a/js/flashcards.js
+++ b/js/flashcards.js
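Review bot: In PATCH 1/3's `@@ -153,6 +153,7 @@` hunk, `userAnswer = escapeHtml(userAnswer);` entity-encodes the typed answer before the `===` comparison with `correct[i]`, so a match now succeeds only if `correctAnswer` carries exactly the same entity spellings; where `correctAnswer` is encoded is not visible in this hunk. If matching stored, already-encoded answers is the intent, say so at the call, e.g. `// correctAnswer is stored entity-encoded; encode the input identically so === can match`. If the intent is instead to keep markup out of the page, this is the wrong place: output encoding belongs where the value is written into the DOM, and no such sink appears in these lines. PATCH 3/3 inlines the same chain at this spot and the same point applies there. The enclosing function starts and ends outside the hunk.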
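Review bot: In PATCH 1/3's `@@ -198,6 +199,16 @@` hunk, `escapeHtml` is declared as a nested function at the tail of the enclosing function, just before its closing `};`, so the call added at line 153 resolves only through hoisting and only if it sits in that same function, which this hunk does not show. Declaring the helper once at the top of the `H5P.Flashcards = (function ($) {` closure would make it reachable from every method and avoid re-creating it on each call; PATCH 2/3 keeps the nested placement. The doc comment could also state the contract, e.g. `@param {string} unsafe` and `@returns {string}` with the five characters it encodes. As shown on this page the replacement strings read `"&"` and `"""`, which looks like entity decoding by the page renderer, so the actual replacement values cannot be checked here.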
@@ -200,15 +200,18 @@ H5P.Flashcards = (function ($) {
 this.setCurrent($card);
 }
- // Escape special html characters
- function escapeHtml(unsafe) {
- return unsafe
- .replace(/&/g, "&")
- .replace(//g, ">")
- .replace(/"/g, """)
- .replace(/'/g, "'");
- }
+ /**
+ * Escape special html characters
+ */
+ function escapeHtml(unsafe) {
+ return unsafe
+ .replace(/&/g, "&")
+ .replace(//g, ">")
+ .replace(/"/g, """)
+ .replace(/'/g, "'");
+ }
+
 };
 C.prototype.setProgress = function () {
From 5ab559f23ff6c25d2457392a8f4c746889abf101 Mon Sep 17 00:00:00 2001
From: Timothy Lim
Date: Sun, 17 Apr 2016 17:44:25 +0100
Subject: [PATCH 3/3] Refactor escape html function to have the logic inline
---
 js/flashcards.js | 18 ++++++++----------
 1 file changed, 8 insertions(+), 10 deletions(-)
diff --git a/js/flashcards.js b/js/flashcards.js
index 33da6d9..b31bd6b 100644
--- a/js/flashcards.js
+++ b/js/flashcards.js
@@ -153,7 +153,14 @@ H5P.Flashcards = (function ($) {
 }
 var correct = correctAnswer.toLowerCase().split('/');
 var userAnswer = H5P.trim($input.val()).toLowerCase();
- userAnswer = escapeHtml(userAnswer);
+
+ // Escape html characters
+ userAnswer = userAnswer.replace(/&/g, "&")
+ .replace(//g, ">")
+ .replace(/"/g, """)
+ .replace(/'/g, "'");
+
 var userCorrect = false;
 for (var i = 0; i < correct.length; i++) {
 if (H5P.trim(correct[i]) === userAnswer) {
@@ -200,15 +207,6 @@ H5P.Flashcards = (function ($) {
 this.setCurrent($card);
 }
- // Escape special html characters
- function escapeHtml(unsafe) {
- return unsafe
- .replace(/&/g, "&")
- .replace(//g, ">")
- .replace(/"/g, """)
- .replace(/'/g, "'");
- }
 };
 C.prototype.setProgress = function () {