Item12179: replacing unsafe inline js with json

foswiki · Sep 22, 2015 · e48d3e3 · e48d3e3
1 parent f8ede9c
commit e48d3e3
Show file tree

Hide file tree

Showing 2 changed files with 10 additions and 9 deletions.
diff --git a/NatEditPlugin/lib/Foswiki/Plugins/NatEditPlugin/NATEDIT.pm b/NatEditPlugin/lib/Foswiki/Plugins/NatEditPlugin/NATEDIT.pm
@@ -84,13 +84,14 @@ sub init {
     Foswiki::Func::addToZone(
         "script", "NATEDIT::PREFERENCES",
         <<'HERE', "JQUERYPLUGIN::FOSWIKI::PREFERENCES" );
-<script>jQuery.extend(foswiki.preferences, { 
-  'NatEditEngine': '%NATEDIT_ENGINE{default="raw"}%',
-  'MathEnabled': %IF{"context MathModePluginEnabled or context MathJaxPluginEnabled" then="true" else="false"}%,
-  'ImagePluginEnabled': %IF{"context ImagePluginEnabled" then="true" else="false"}%,
-  'TopicInteractionPluginEnabled': %IF{"context TopicInteractionPluginEnabled" then="true" else="false"}%,
-  'FarbtasticEnabled': %IF{"context FarbtasticEnabled" then="true" else="false"}%
-});</script>
+<script class='$zone $id foswikiPreferences' type='text/json'>{ 
+  "NatEditPlugin": {
+    "MathEnabled": %IF{"context MathModePluginEnabled or context MathJaxPluginEnabled" then="true" else="false"}%,
+    "ImagePluginEnabled": %IF{"context ImagePluginEnabled" then="true" else="false"}%,
+    "TopicInteractionPluginEnabled": %IF{"context TopicInteractionPluginEnabled" then="true" else="false"}%,
+    "FarbtasticEnabled": %IF{"context FarbtasticEnabled" then="true" else="false"}%
+  }
+}</script>
 HERE
 }
 

diff --git a/NatEditPlugin/pub/System/NatEditPlugin/jquery.natedit.uncompressed.js b/NatEditPlugin/pub/System/NatEditPlugin/jquery.natedit.uncompressed.js
@@ -448,7 +448,7 @@ $.NatEditor.prototype.initGui = function() {
   if (typeof(tinyMCE) !== 'undefined') {
     self.container.addClass("ui-natedit-wysiwyg-enabled");
   }
-  if (foswiki.getPreference("FarbtasticEnabled")) {
+  if (foswiki.getPreference("NatEditPlugin").FarbtasticEnabled) {
     self.container.addClass("ui-natedit-colorpicker-enabled");
   }
 
@@ -1556,7 +1556,7 @@ $.NatEditor.prototype.insertLink = function(opts) {
       return; // nop
     }
 
-    if (opts.file.match(/\.(bmp|png|jpe?g|gif|svg)$/i) && foswiki.getPreference("ImagePluginEnabled")) {
+    if (opts.file.match(/\.(bmp|png|jpe?g|gif|svg)$/i) && foswiki.getPreference("NatEditPlugin").ImagePluginEnabled) {
       markup = '%IMAGE{"'+opts.file+'"';
       if (opts.web != self.opts.web || opts.topic != self.opts.topic) {
         markup += ' topic="';