From a10b59d03b16b56e80191bceb160d32a77de0c35 Mon Sep 17 00:00:00 2001 From: Sebastiaan Janssen Date: Thu, 5 Jan 2017 17:14:14 +0100 Subject: [PATCH] Revert "Fixes: U4-9217 - Sanitize tags before storing them in the database" This reverts commit 47c8e6854ee2aafc99fa7fc0b7d901fc59020adb. --- .../lib/umbraco/Extensions.js | 16 ---------------- .../propertyeditors/tags/tags.controller.js | 3 +-- .../PropertyEditors/TagsPropertyEditor.cs | 10 +--------- 3 files changed, 2 insertions(+), 27 deletions(-) diff --git a/src/Umbraco.Web.UI.Client/lib/umbraco/Extensions.js b/src/Umbraco.Web.UI.Client/lib/umbraco/Extensions.js index 3c148f0535..b70a6b12bc 100644 --- a/src/Umbraco.Web.UI.Client/lib/umbraco/Extensions.js +++ b/src/Umbraco.Web.UI.Client/lib/umbraco/Extensions.js @@ -69,22 +69,6 @@ }; } - if (!String.prototype.htmlEncode) { - /** htmlEncode extension method for string */ - String.prototype.htmlEncode = function () { - //create a in-memory div, set it's inner text(which jQuery automatically encodes) - //then grab the encoded contents back out. The div never exists on the page. - return $('
').text(this).html(); - }; - } - - if (!String.prototype.htmlDecode) { - /** htmlDecode extension method for string */ - String.prototype.htmlDecode = function () { - return $('
').html(this).text(); - }; - } - if (!String.prototype.startsWith) { /** startsWith extension method for string */ String.prototype.startsWith = function (str) { diff --git a/src/Umbraco.Web.UI.Client/src/views/propertyeditors/tags/tags.controller.js b/src/Umbraco.Web.UI.Client/src/views/propertyeditors/tags/tags.controller.js index f965b812d8..a1e48bbc99 100644 --- a/src/Umbraco.Web.UI.Client/src/views/propertyeditors/tags/tags.controller.js +++ b/src/Umbraco.Web.UI.Client/src/views/propertyeditors/tags/tags.controller.js @@ -1,6 +1,6 @@ angular.module("umbraco") .controller("Umbraco.PropertyEditors.TagsController", - function ($rootScope, $scope, $log, assetsService, umbRequestHelper, angularHelper, $timeout, $element, $sanitize) { + function ($rootScope, $scope, $log, assetsService, umbRequestHelper, angularHelper, $timeout, $element) { var $typeahead; @@ -41,7 +41,6 @@ angular.module("umbraco") //Helper method to add a tag on enter or on typeahead select function addTag(tagToAdd) { - tagToAdd = String(tagToAdd).htmlEncode(); if (tagToAdd != null && tagToAdd.length > 0) { if ($scope.model.value.indexOf(tagToAdd) < 0) { $scope.model.value.push(tagToAdd); diff --git a/src/Umbraco.Web/PropertyEditors/TagsPropertyEditor.cs b/src/Umbraco.Web/PropertyEditors/TagsPropertyEditor.cs index be228bf3ef..b44c65b157 100644 --- a/src/Umbraco.Web/PropertyEditors/TagsPropertyEditor.cs +++ b/src/Umbraco.Web/PropertyEditors/TagsPropertyEditor.cs @@ -1,7 +1,6 @@ using System.Collections.Generic; using System.ComponentModel.DataAnnotations; using System.Linq; -using System.Net; using System.Runtime.InteropServices; using Newtonsoft.Json.Linq; using Umbraco.Core; 
@@ -61,14 +60,7 @@ namespace Umbraco.Web.PropertyEditors
 public override object ConvertEditorToDb(ContentPropertyData editorValue, object currentValue)
 {
 var json = editorValue.Value as JArray;
- return json == null
- ? null
- : json.Select(x => x.Value()).Where(x => x.IsNullOrWhiteSpace() == false)
- //First we will decode it as html because we know that if this is not a malicious post that the value is
- // already Html encoded by the tags JavaScript controller. Then we'll re-Html Encode it to ensure that in case this
- // is a malicious post (i.e. someone is submitting data manually by modifying the request).
- .Select(WebUtility.HtmlDecode)
- .Select(WebUtility.HtmlEncode);
+ return json == null ? null : json.Select(x => x.Value());
 }
 
 ///
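Review bot: After this change `ConvertEditorToDb` returns the posted tag values exactly as they arrive in the request, and the same commit removes the client-side `htmlEncode` call in `addTag` (tags.controller.js hunk), so nothing visible in this patch constrains what reaches the tag store. Storing raw text is a defensible design, since encoding on store tends to double-encode legitimate tags, but it is only safe if every place that renders a tag HTML-encodes it at output time. The method should state that contract, e.g. `// Tags are stored unencoded; every view, API and back-office template that renders them must HTML-encode on output.` The revert also drops the `Where(x => x.IsNullOrWhiteSpace() == false)` filter, which is unrelated to encoding; unless blank entries are filtered later, keep it: `return json == null ? null : json.Select(x => x.Value()).Where(x => x.IsNullOrWhiteSpace() == false);`. The generic argument on `Value` appears to have been lost in this rendering of the patch.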