From eaad0b4de5bcd9964d89e20d4cd83a2145048804 Mon Sep 17 00:00:00 2001 From: James Lyne Date: Tue, 11 Jan 2022 17:52:37 +0000 Subject: [PATCH] Revert "Work around dynmap bugs in markup handling" This reverts commit 297a593f --- src/util.ts | 7 +++++++ src/util/dynmap.ts | 35 +++++++++++++---------------------- 2 files changed, 20 insertions(+), 22 deletions(-) diff --git a/src/util.ts b/src/util.ts index 1f12ee4..8909d5a 100644 --- a/src/util.ts +++ b/src/util.ts @@ -205,6 +205,13 @@ export const focus = (selector: string) => { } } +const decodeTextarea = document.createElement('textarea'); + +export const decodeHTMLEntities = (text: string) => { + decodeTextarea.innerHTML = text; + return decodeTextarea.textContent || ''; +} + export const clipboardSuccess = () => () => notify(useStore().state.messages.copyToClipboardSuccess); diff --git a/src/util/dynmap.ts b/src/util/dynmap.ts index e996d5e..d2290ef 100644 --- a/src/util/dynmap.ts +++ b/src/util/dynmap.ts @@ -28,7 +28,7 @@ import { LiveAtlasWorldDefinition } from "@/index"; import {getPoints} from "@/util/areas"; -import {endWorldNameRegex, netherWorldNameRegex, titleColoursRegex} from "@/util"; +import {decodeHTMLEntities, endWorldNameRegex, netherWorldNameRegex, titleColoursRegex} from "@/util"; import {getLinePoints} from "@/util/lines"; import LiveAtlasMapDefinition from "@/model/LiveAtlasMapDefinition"; import { @@ -292,11 +292,9 @@ export function buildMarker(data: Marker): LiveAtlasMarker { } } - return { + const marker = { label: data.label || '', - //Dynmap#2288 currently means markup:false markers are still encoded - //The planned solution for this is to always treat everything as HTML, so we'll do that here - isLabelHTML: true, + isLabelHTML: data.markup || false, location: { x: data.x || 0, y: data.y || 0, @@ -308,6 +306,13 @@ export function buildMarker(data: Marker): LiveAtlasMarker { maxZoom: typeof data.maxzoom !== 'undefined' && data.maxzoom > -1 ? data.maxzoom : undefined, popupContent: data.desc || undefined, }; + + //Fix double escaping on non-HTML labels + if(!marker.isLabelHTML) { + marker.label = decodeHTMLEntities(marker.label); + } + + return marker; } export function buildAreas(data: any): Map { @@ -342,9 +347,7 @@ export function buildArea(area: MarkerArea): LiveAtlasArea { minZoom: typeof area.minzoom !== 'undefined' && area.minzoom > -1 ? area.minzoom : undefined, maxZoom: typeof area.maxzoom !== 'undefined' && area.maxzoom > -1 ? area.maxzoom : undefined, - //Dynmap#2288 currently means markup: false markers are still encoded - //The planned solution for this is to always treat everything as HTML, so we'll do that here - isPopupHTML: true, //area.desc ? true : area.markup || false, + isPopupHTML: area.desc ? true : area.markup || false, popupContent: area.desc || area.label || undefined, }; } @@ -374,9 +377,7 @@ export function buildLine(line: MarkerLine): LiveAtlasLine { minZoom: typeof line.minzoom !== 'undefined' && line.minzoom > -1 ? line.minzoom : undefined, maxZoom: typeof line.maxzoom !== 'undefined' && line.maxzoom > -1 ? line.maxzoom : undefined, - //Dynmap#2288 currently means markup: false markers are still encoded - //The planned solution for this is to always treat everything as HTML, so we'll do that here - isPopupHTML: true, + isPopupHTML: line.desc ? true : line.markup || false, popupContent: line.desc || line.label || undefined, }; } @@ -413,9 +414,7 @@ export function buildCircle(circle: MarkerCircle): LiveAtlasCircle { minZoom: typeof circle.minzoom !== 'undefined' && circle.minzoom > -1 ? circle.minzoom : undefined, maxZoom: typeof circle.maxzoom !== 'undefined' && circle.maxzoom > -1 ? circle.maxzoom : undefined, - //Dynmap#2288 currently means markup: false markers are still encoded - //The planned solution for this is to always treat everything as HTML, so we'll do that here - isPopupHTML: true, + isPopupHTML: circle.desc ? true : circle.markup || false, popupContent: circle.desc || circle.label || undefined, }; } @@ -480,30 +479,22 @@ export function buildUpdates(data: Array, lastUpdate: Date) { removed: entry.msg.endsWith('deleted'), }; - //Dynmap currently doesn't sanitise markup: true markers when they update - //To avoid an XSS vulnerability we force isLabelHTML/isPopupHTML to false here - //FIXME: Change this to a version check when dynmap sorts this - if (entry.msg.startsWith("set")) { markerSetUpdates!.removed = update.removed; markerSetUpdates!.payload = update.removed ? undefined : buildMarkerSet(set, entry); } else if (entry.msg.startsWith("marker")) { update.payload = update.removed ? undefined : buildMarker(entry); - update.payload.isLabelHTML = false; markerSetUpdates!.markerUpdates.push(Object.freeze(update)); } else if (entry.msg.startsWith("area")) { update.payload = update.removed ? undefined : buildArea(entry); - update.payload.isPopupHTML = false; markerSetUpdates!.areaUpdates.push(Object.freeze(update)); } else if (entry.msg.startsWith("circle")) { update.payload = update.removed ? undefined : buildCircle(entry); - update.payload.isPopupHTML = false; markerSetUpdates!.circleUpdates.push(Object.freeze(update)); } else if (entry.msg.startsWith("line")) { update.payload = update.removed ? undefined : buildLine(entry); - update.payload.isPopupHTML = false; markerSetUpdates!.lineUpdates.push(Object.freeze(update)); }