Skirda/LiveAtlas
4
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Revert "Work around dynmap bugs in markup handling"

Browse Source 
This reverts commit 297a593f
This commit is contained in:
James Lyne 2022-01-11 17:52:37 +00:00
parent ff77f09025
commit eaad0b4de5
2 changed files with 20 additions and 22 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
src/util.ts
View File

@ -205,6 +205,13 @@ export const focus = (selector: string) => {
} }
} }
const decodeTextarea = document.createElement('textarea');
export const decodeHTMLEntities = (text: string) => {
decodeTextarea.innerHTML = text;
return decodeTextarea.textContent || '';
}
export const clipboardSuccess = () => () => notify(useStore().state.messages.copyToClipboardSuccess); export const clipboardSuccess = () => () => notify(useStore().state.messages.copyToClipboardSuccess);

35
src/util/dynmap.ts
View File

@ -28,7 +28,7 @@ import {
LiveAtlasWorldDefinition LiveAtlasWorldDefinition
} from "@/index"; } from "@/index";
import {getPoints} from "@/util/areas"; import {getPoints} from "@/util/areas";
import {endWorldNameRegex, netherWorldNameRegex, titleColoursRegex} from "@/util"; import {decodeHTMLEntities, endWorldNameRegex, netherWorldNameRegex, titleColoursRegex} from "@/util";
import {getLinePoints} from "@/util/lines"; import {getLinePoints} from "@/util/lines";
import LiveAtlasMapDefinition from "@/model/LiveAtlasMapDefinition"; import LiveAtlasMapDefinition from "@/model/LiveAtlasMapDefinition";
import { import {
@ -292,11 +292,9 @@ export function buildMarker(data: Marker): LiveAtlasMarker {
} }
} }
return { const marker = {
label: data.label || '', label: data.label || '',
//Dynmap#2288 currently means markup:false markers are still encoded isLabelHTML: data.markup || false,
//The planned solution for this is to always treat everything as HTML, so we'll do that here
isLabelHTML: true,
location: { location: {
x: data.x || 0, x: data.x || 0,
y: data.y || 0, y: data.y || 0,
@ -308,6 +306,13 @@ export function buildMarker(data: Marker): LiveAtlasMarker {
maxZoom: typeof data.maxzoom !== 'undefined' && data.maxzoom > -1 ? data.maxzoom : undefined, maxZoom: typeof data.maxzoom !== 'undefined' && data.maxzoom > -1 ? data.maxzoom : undefined,
popupContent: data.desc || undefined, popupContent: data.desc || undefined,
}; };
//Fix double escaping on non-HTML labels
if(!marker.isLabelHTML) {
marker.label = decodeHTMLEntities(marker.label);
}
return marker;
} }
export function buildAreas(data: any): Map<string, LiveAtlasArea> { export function buildAreas(data: any): Map<string, LiveAtlasArea> {
@ -342,9 +347,7 @@ export function buildArea(area: MarkerArea): LiveAtlasArea {
minZoom: typeof area.minzoom !== 'undefined' && area.minzoom > -1 ? area.minzoom : undefined, minZoom: typeof area.minzoom !== 'undefined' && area.minzoom > -1 ? area.minzoom : undefined,
maxZoom: typeof area.maxzoom !== 'undefined' && area.maxzoom > -1 ? area.maxzoom : undefined, maxZoom: typeof area.maxzoom !== 'undefined' && area.maxzoom > -1 ? area.maxzoom : undefined,
//Dynmap#2288 currently means markup: false markers are still encoded isPopupHTML: area.desc ? true : area.markup || false,
//The planned solution for this is to always treat everything as HTML, so we'll do that here
isPopupHTML: true, //area.desc ? true : area.markup || false,
popupContent: area.desc || area.label || undefined, popupContent: area.desc || area.label || undefined,
}; };
} }
@ -374,9 +377,7 @@ export function buildLine(line: MarkerLine): LiveAtlasLine {
minZoom: typeof line.minzoom !== 'undefined' && line.minzoom > -1 ? line.minzoom : undefined, minZoom: typeof line.minzoom !== 'undefined' && line.minzoom > -1 ? line.minzoom : undefined,
maxZoom: typeof line.maxzoom !== 'undefined' && line.maxzoom > -1 ? line.maxzoom : undefined, maxZoom: typeof line.maxzoom !== 'undefined' && line.maxzoom > -1 ? line.maxzoom : undefined,
//Dynmap#2288 currently means markup: false markers are still encoded isPopupHTML: line.desc ? true : line.markup || false,
//The planned solution for this is to always treat everything as HTML, so we'll do that here
isPopupHTML: true,
popupContent: line.desc || line.label || undefined, popupContent: line.desc || line.label || undefined,
}; };
} }
@ -413,9 +414,7 @@ export function buildCircle(circle: MarkerCircle): LiveAtlasCircle {
minZoom: typeof circle.minzoom !== 'undefined' && circle.minzoom > -1 ? circle.minzoom : undefined, minZoom: typeof circle.minzoom !== 'undefined' && circle.minzoom > -1 ? circle.minzoom : undefined,
maxZoom: typeof circle.maxzoom !== 'undefined' && circle.maxzoom > -1 ? circle.maxzoom : undefined, maxZoom: typeof circle.maxzoom !== 'undefined' && circle.maxzoom > -1 ? circle.maxzoom : undefined,
//Dynmap#2288 currently means markup: false markers are still encoded isPopupHTML: circle.desc ? true : circle.markup || false,
//The planned solution for this is to always treat everything as HTML, so we'll do that here
isPopupHTML: true,
popupContent: circle.desc || circle.label || undefined, popupContent: circle.desc || circle.label || undefined,
}; };
} }
@ -480,30 +479,22 @@ export function buildUpdates(data: Array<any>, lastUpdate: Date) {
removed: entry.msg.endsWith('deleted'), removed: entry.msg.endsWith('deleted'),
}; };
//Dynmap currently doesn't sanitise markup: true markers when they update
//To avoid an XSS vulnerability we force isLabelHTML/isPopupHTML to false here
//FIXME: Change this to a version check when dynmap sorts this
if (entry.msg.startsWith("set")) { if (entry.msg.startsWith("set")) {
markerSetUpdates!.removed = update.removed; markerSetUpdates!.removed = update.removed;
markerSetUpdates!.payload = update.removed ? undefined : buildMarkerSet(set, entry); markerSetUpdates!.payload = update.removed ? undefined : buildMarkerSet(set, entry);
} else if (entry.msg.startsWith("marker")) { } else if (entry.msg.startsWith("marker")) {
update.payload = update.removed ? undefined : buildMarker(entry); update.payload = update.removed ? undefined : buildMarker(entry);
update.payload.isLabelHTML = false;
markerSetUpdates!.markerUpdates.push(Object.freeze(update)); markerSetUpdates!.markerUpdates.push(Object.freeze(update));
} else if (entry.msg.startsWith("area")) { } else if (entry.msg.startsWith("area")) {
update.payload = update.removed ? undefined : buildArea(entry); update.payload = update.removed ? undefined : buildArea(entry);
update.payload.isPopupHTML = false;
markerSetUpdates!.areaUpdates.push(Object.freeze(update)); markerSetUpdates!.areaUpdates.push(Object.freeze(update));
} else if (entry.msg.startsWith("circle")) { } else if (entry.msg.startsWith("circle")) {
update.payload = update.removed ? undefined : buildCircle(entry); update.payload = update.removed ? undefined : buildCircle(entry);
update.payload.isPopupHTML = false;
markerSetUpdates!.circleUpdates.push(Object.freeze(update)); markerSetUpdates!.circleUpdates.push(Object.freeze(update));
} else if (entry.msg.startsWith("line")) { } else if (entry.msg.startsWith("line")) {
update.payload = update.removed ? undefined : buildLine(entry); update.payload = update.removed ? undefined : buildLine(entry);
update.payload.isPopupHTML = false;
markerSetUpdates!.lineUpdates.push(Object.freeze(update)); markerSetUpdates!.lineUpdates.push(Object.freeze(update));
} }