Revert "Fixes: U4-9217 - Sanitize tags before storing them in the database"

This reverts commit 47c8e6854e.
2017-01-05 17:14:14 +01:00
parent e6b1ecb851
commit a10b59d03b
3 changed files with 2 additions and 27 deletions
--- a/src/Umbraco.Web.UI.Client/lib/umbraco/Extensions.js
+++ b/src/Umbraco.Web.UI.Client/lib/umbraco/Extensions.js
@@ -69,22 +69,6 @@
        };
    }

-    if (!String.prototype.htmlEncode) {
-        /** htmlEncode extension method for string */
-        String.prototype.htmlEncode = function () {
-            //create a in-memory div, set it's inner text(which jQuery automatically encodes)
-            //then grab the encoded contents back out.  The div never exists on the page.
-            return $('<div/>').text(this).html();
-        };
-    }
-
-    if (!String.prototype.htmlDecode) {
-        /** htmlDecode extension method for string */
-        String.prototype.htmlDecode = function () {
-            return $('<div/>').html(this).text();
-        };
-    }
-
    if (!String.prototype.startsWith) {
        /** startsWith extension method for string */
        String.prototype.startsWith = function (str) {            
--- a/src/Umbraco.Web.UI.Client/src/views/propertyeditors/tags/tags.controller.js
+++ b/src/Umbraco.Web.UI.Client/src/views/propertyeditors/tags/tags.controller.js
@@ -1,6 +1,6 @@
 angular.module("umbraco")
 .controller("Umbraco.PropertyEditors.TagsController",
-    function ($rootScope, $scope, $log, assetsService, umbRequestHelper, angularHelper, $timeout, $element, $sanitize) {
+    function ($rootScope, $scope, $log, assetsService, umbRequestHelper, angularHelper, $timeout, $element) {

        var $typeahead;

@@ -41,7 +41,6 @@ angular.module("umbraco")

            //Helper method to add a tag on enter or on typeahead select
            function addTag(tagToAdd) {
-                tagToAdd = String(tagToAdd).htmlEncode();
                if (tagToAdd != null && tagToAdd.length > 0) {
                    if ($scope.model.value.indexOf(tagToAdd) < 0) {
                        $scope.model.value.push(tagToAdd);
--- a/src/Umbraco.Web/PropertyEditors/TagsPropertyEditor.cs
+++ b/src/Umbraco.Web/PropertyEditors/TagsPropertyEditor.cs
@@ -1,7 +1,6 @@
 using System.Collections.Generic;
 using System.ComponentModel.DataAnnotations;
 using System.Linq;
-using System.Net;
 using System.Runtime.InteropServices;
 using Newtonsoft.Json.Linq;
 using Umbraco.Core;
@@ -61,14 +60,7 @@ namespace Umbraco.Web.PropertyEditors
            public override object ConvertEditorToDb(ContentPropertyData editorValue, object currentValue)
            {
                var json = editorValue.Value as JArray;
-                return json == null 
-                    ? null 
-                    : json.Select(x => x.Value<string>()).Where(x => x.IsNullOrWhiteSpace() == false)
-                        //First we will decode it as html because we know that if this is not a malicious post that the value is
-                        // already Html encoded by the tags JavaScript controller. Then we'll re-Html Encode it to ensure that in case this
-                        // is a malicious post (i.e. someone is submitting data manually by modifying the request).
-                        .Select(WebUtility.HtmlDecode)
-                        .Select(WebUtility.HtmlEncode);
+                return json == null ? null : json.Select(x => x.Value<string>());
            }

            /// <summary>