From d87c3b7d61fb61cd5d0b1f2742257a7a1b749c33 Mon Sep 17 00:00:00 2001
From: Michael Macias <mamacias@olemiss.edu>
Date: Sun, 8 Jan 2012 23:44:04 -0600
Subject: [PATCH] Escape document when using the txt extension

---
 static/application.js     | 11 ++++++++++-
 static/application.min.js |  2 +-
 2 files changed, 11 insertions(+), 2 deletions(-)

diff --git a/static/application.js b/static/application.js
index e21f447..cff7443 100644
--- a/static/application.js
+++ b/static/application.js
@@ -4,6 +4,15 @@ var haste_document = function() {
   this.locked = false;
 };
 
+// Escapes HTML tag characters
+haste_document.prototype.htmlEscape = function(s) {
+  return s
+    .replace(/&/g, '&amp;')
+    .replace(/>/g, '&gt;')
+    .replace(/</g, '&lt;')
+    .replace(/"/g, '&quot;');
+};
+
 // Get this document from the server and lock it here
 haste_document.prototype.load = function(key, callback, lang) {
   var _this = this;
@@ -17,7 +26,7 @@ haste_document.prototype.load = function(key, callback, lang) {
       try {
         var high;
         if (lang === 'txt') {
-          high = { value: res.data };
+          high = { value: _this.htmlEscape(res.data) };
         }
         else if (lang) {
           high = hljs.highlight(lang, res.data);
diff --git a/static/application.min.js b/static/application.min.js
index 85a3a9b..34e7b6a 100644
--- a/static/application.min.js
+++ b/static/application.min.js
@@ -1 +1 @@
-var haste_document=function(){this.locked=!1};haste_document.prototype.load=function(a,b,c){var d=this;$.ajax("/documents/"+a,{type:"get",dataType:"json",success:function(e){d.locked=!0,d.key=a,d.data=e.data;try{var f;c==="txt"?f={value:e.data}:c?f=hljs.highlight(c,e.data):f=hljs.highlightAuto(e.data)}catch(g){f=hljs.highlightAuto(e.data)}b({value:f.value,key:a,language:f.language||c,lineCount:e.data.split("\n").length})},error:function(a){b(!1)}})},haste_document.prototype.save=function(a,b){if(this.locked)return!1;this.data=a;var c=this;$.ajax("/documents",{type:"post",data:a,dataType:"json",success:function(d){c.locked=!0,c.key=d.key;var e=hljs.highlightAuto(a);b(null,{value:e.value,key:d.key,language:e.language,lineCount:a.split("\n").length})},error:function(a){try{b($.parseJSON(a.responseText))}catch(c){b({message:"Something went wrong!"})}}})};var haste=function(a,b){this.appName=a,this.baseUrl=window.location.href,this.$textarea=$("textarea"),this.$box=$("#box"),this.$code=$("#box code"),this.$linenos=$("#linenos"),this.options=b,this.configureShortcuts(),this.configureButtons(),b.twitter||$("#box2 .twitter").hide()};haste.prototype.setTitle=function(a){var b=a?this.appName+" - "+a:this.appName;document.title=b},haste.prototype.showMessage=function(a,b){var c=$('<li class="'+(b||"info")+'">'+a+"</li>");$("#messages").prepend(c),setTimeout(function(){c.slideUp("fast",function(){$(this).remove()})},3e3)},haste.prototype.lightKey=function(){this.configureKey(["new","save"])},haste.prototype.fullKey=function(){this.configureKey(["new","duplicate","twitter","link"])},haste.prototype.configureKey=function(a){var b,c=0;$("#box2 .function").each(function(){b=$(this);for(c=0;c<a.length;c++)if(b.hasClass(a[c]))return b.addClass("enabled"),!0;b.removeClass("enabled")})},haste.prototype.newDocument=function(a){this.$box.hide(),this.doc=new haste_document,a||window.history.pushState(null,this.appName,"/"),this.setTitle(),this.lightKey(),this.$textarea.val("").show("fast",function(){this.focus()}),this.removeLineNumbers()},haste.extensionMap={rb:"ruby",py:"python",pl:"perl",php:"php",scala:"scala",go:"go",xml:"xml",html:"xml",htm:"xml",css:"css",js:"javascript",vbs:"vbscript",lua:"lua",pas:"delphi",java:"java",cpp:"cpp",cc:"cpp",m:"objectivec",vala:"vala",cs:"cs",sql:"sql",sm:"smalltalk",lisp:"lisp",ini:"ini",diff:"diff",bash:"bash",sh:"bash",tex:"tex",erl:"erlang",hs:"haskell",md:"markdown",txt:""},haste.prototype.lookupExtensionByType=function(a){for(var b in haste.extensionMap)if(haste.extensionMap[b]===a)return b;return a},haste.prototype.lookupTypeByExtension=function(a){return haste.extensionMap[a]||a},haste.prototype.addLineNumbers=function(a){var b="";for(var c=0;c<a;c++)b+=(c+1).toString()+"<br/>";$("#linenos").html(b)},haste.prototype.removeLineNumbers=function(){$("#linenos").html("&gt;")},haste.prototype.loadDocument=function(a){var b=a.split(".",2),c=this;c.doc=new haste_document,c.doc.load(b[0],function(a){a?(c.$code.html(a.value),c.setTitle(a.key),c.fullKey(),c.$textarea.val("").hide(),c.$box.show().focus(),c.addLineNumbers(a.lineCount)):c.newDocument()},this.lookupTypeByExtension(b[1]))},haste.prototype.duplicateDocument=function(){if(this.doc.locked){var a=this.doc.data;this.newDocument(),this.$textarea.val(a)}},haste.prototype.lockDocument=function(){var a=this;this.doc.save(this.$textarea.val(),function(b,c){if(b)a.showMessage(b.message,"error");else if(c){a.$code.html(c.value),a.setTitle(c.key);var d="/"+c.key;c.language&&(d+="."+a.lookupExtensionByType(c.language)),window.history.pushState(null,a.appName+"-"+c.key,d),a.fullKey(),a.$textarea.val("").hide(),a.$box.show().focus(),a.addLineNumbers(c.lineCount)}})},haste.prototype.configureButtons=function(){var a=this;this.buttons=[{$where:$("#box2 .save"),label:"Save",shortcutDescription:"control + s",shortcut:function(a){return a.ctrlKey&&a.keyCode===83},action:function(){a.$textarea.val().replace(/^\s+|\s+$/g,"")!==""&&a.lockDocument()}},{$where:$("#box2 .new"),label:"New",shortcut:function(a){return a.ctrlKey&&a.keyCode===78},shortcutDescription:"control + n",action:function(){a.newDocument(!a.doc.key)}},{$where:$("#box2 .duplicate"),label:"Duplicate & Edit",shortcut:function(b){return a.doc.locked&&b.ctrlKey&&b.keyCode===68},shortcutDescription:"control + d",action:function(){a.duplicateDocument()}},{$where:$("#box2 .twitter"),label:"Twitter",shortcut:function(b){return a.options.twitter&&a.doc.locked&&b.ctrlKey&&b.keyCode==84},shortcutDescription:"control + t",action:function(){window.open("https://twitter.com/share?url="+encodeURI(window.location.href))}}];for(var b=0;b<this.buttons.length;b++)this.configureButton(this.buttons[b])},haste.prototype.configureButton=function(a){a.$where.click(function(b){b.preventDefault(),!a.clickDisabled&&$(this).hasClass("enabled")&&a.action()}),a.$where.mouseenter(function(b){$("#box3 .label").text(a.label),$("#box3 .shortcut").text(a.shortcutDescription||""),$("#box3").show(),$(this).append($("#pointer").remove().show())}),a.$where.mouseleave(function(a){$("#box3").hide(),$("#pointer").hide()})},haste.prototype.configureShortcuts=function(){var a=this;$(document.body).keydown(function(b){var c;for(var d=0;d<a.buttons.length;d++){c=a.buttons[d];if(c.shortcut&&c.shortcut(b)){b.preventDefault(),c.action();return}}})},$(function(){$("textarea").keydown(function(a){if(a.keyCode===9){a.preventDefault();var b="  ";if(document.selection)this.focus(),sel=document.selection.createRange(),sel.text=b,this.focus();else if(this.selectionStart||this.selectionStart=="0"){var c=this.selectionStart,d=this.selectionEnd,e=this.scrollTop;this.value=this.value.substring(0,c)+b+this.value.substring(d,this.value.length),this.focus(),this.selectionStart=c+b.length,this.selectionEnd=c+b.length,this.scrollTop=e}else this.value+=b,this.focus()}})})
\ No newline at end of file
+var haste_document=function(){this.locked=!1};haste_document.prototype.htmlEscape=function(a){return a.replace(/&/g,"&amp;").replace(/>/g,"&gt;").replace(/</g,"&lt;").replace(/"/g,"&quot;")},haste_document.prototype.load=function(a,b,c){var d=this;$.ajax("/documents/"+a,{type:"get",dataType:"json",success:function(e){d.locked=!0,d.key=a,d.data=e.data;try{var f;c==="txt"?f={value:d.htmlEscape(e.data)}:c?f=hljs.highlight(c,e.data):f=hljs.highlightAuto(e.data)}catch(g){f=hljs.highlightAuto(e.data)}b({value:f.value,key:a,language:f.language||c,lineCount:e.data.split("\n").length})},error:function(a){b(!1)}})},haste_document.prototype.save=function(a,b){if(this.locked)return!1;this.data=a;var c=this;$.ajax("/documents",{type:"post",data:a,dataType:"json",success:function(d){c.locked=!0,c.key=d.key;var e=hljs.highlightAuto(a);b(null,{value:e.value,key:d.key,language:e.language,lineCount:a.split("\n").length})},error:function(a){try{b($.parseJSON(a.responseText))}catch(c){b({message:"Something went wrong!"})}}})};var haste=function(a,b){this.appName=a,this.baseUrl=window.location.href,this.$textarea=$("textarea"),this.$box=$("#box"),this.$code=$("#box code"),this.$linenos=$("#linenos"),this.options=b,this.configureShortcuts(),this.configureButtons(),b.twitter||$("#box2 .twitter").hide()};haste.prototype.setTitle=function(a){var b=a?this.appName+" - "+a:this.appName;document.title=b},haste.prototype.showMessage=function(a,b){var c=$('<li class="'+(b||"info")+'">'+a+"</li>");$("#messages").prepend(c),setTimeout(function(){c.slideUp("fast",function(){$(this).remove()})},3e3)},haste.prototype.lightKey=function(){this.configureKey(["new","save"])},haste.prototype.fullKey=function(){this.configureKey(["new","duplicate","twitter","link"])},haste.prototype.configureKey=function(a){var b,c=0;$("#box2 .function").each(function(){b=$(this);for(c=0;c<a.length;c++)if(b.hasClass(a[c]))return b.addClass("enabled"),!0;b.removeClass("enabled")})},haste.prototype.newDocument=function(a){this.$box.hide(),this.doc=new haste_document,a||window.history.pushState(null,this.appName,"/"),this.setTitle(),this.lightKey(),this.$textarea.val("").show("fast",function(){this.focus()}),this.removeLineNumbers()},haste.extensionMap={rb:"ruby",py:"python",pl:"perl",php:"php",scala:"scala",go:"go",xml:"xml",html:"xml",htm:"xml",css:"css",js:"javascript",vbs:"vbscript",lua:"lua",pas:"delphi",java:"java",cpp:"cpp",cc:"cpp",m:"objectivec",vala:"vala",cs:"cs",sql:"sql",sm:"smalltalk",lisp:"lisp",ini:"ini",diff:"diff",bash:"bash",sh:"bash",tex:"tex",erl:"erlang",hs:"haskell",md:"markdown",txt:""},haste.prototype.lookupExtensionByType=function(a){for(var b in haste.extensionMap)if(haste.extensionMap[b]===a)return b;return a},haste.prototype.lookupTypeByExtension=function(a){return haste.extensionMap[a]||a},haste.prototype.addLineNumbers=function(a){var b="";for(var c=0;c<a;c++)b+=(c+1).toString()+"<br/>";$("#linenos").html(b)},haste.prototype.removeLineNumbers=function(){$("#linenos").html("&gt;")},haste.prototype.loadDocument=function(a){var b=a.split(".",2),c=this;c.doc=new haste_document,c.doc.load(b[0],function(a){a?(c.$code.html(a.value),c.setTitle(a.key),c.fullKey(),c.$textarea.val("").hide(),c.$box.show().focus(),c.addLineNumbers(a.lineCount)):c.newDocument()},this.lookupTypeByExtension(b[1]))},haste.prototype.duplicateDocument=function(){if(this.doc.locked){var a=this.doc.data;this.newDocument(),this.$textarea.val(a)}},haste.prototype.lockDocument=function(){var a=this;this.doc.save(this.$textarea.val(),function(b,c){if(b)a.showMessage(b.message,"error");else if(c){a.$code.html(c.value),a.setTitle(c.key);var d="/"+c.key;c.language&&(d+="."+a.lookupExtensionByType(c.language)),window.history.pushState(null,a.appName+"-"+c.key,d),a.fullKey(),a.$textarea.val("").hide(),a.$box.show().focus(),a.addLineNumbers(c.lineCount)}})},haste.prototype.configureButtons=function(){var a=this;this.buttons=[{$where:$("#box2 .save"),label:"Save",shortcutDescription:"control + s",shortcut:function(a){return a.ctrlKey&&a.keyCode===83},action:function(){a.$textarea.val().replace(/^\s+|\s+$/g,"")!==""&&a.lockDocument()}},{$where:$("#box2 .new"),label:"New",shortcut:function(a){return a.ctrlKey&&a.keyCode===78},shortcutDescription:"control + n",action:function(){a.newDocument(!a.doc.key)}},{$where:$("#box2 .duplicate"),label:"Duplicate & Edit",shortcut:function(b){return a.doc.locked&&b.ctrlKey&&b.keyCode===68},shortcutDescription:"control + d",action:function(){a.duplicateDocument()}},{$where:$("#box2 .twitter"),label:"Twitter",shortcut:function(b){return a.options.twitter&&a.doc.locked&&b.ctrlKey&&b.keyCode==84},shortcutDescription:"control + t",action:function(){window.open("https://twitter.com/share?url="+encodeURI(window.location.href))}}];for(var b=0;b<this.buttons.length;b++)this.configureButton(this.buttons[b])},haste.prototype.configureButton=function(a){a.$where.click(function(b){b.preventDefault(),!a.clickDisabled&&$(this).hasClass("enabled")&&a.action()}),a.$where.mouseenter(function(b){$("#box3 .label").text(a.label),$("#box3 .shortcut").text(a.shortcutDescription||""),$("#box3").show(),$(this).append($("#pointer").remove().show())}),a.$where.mouseleave(function(a){$("#box3").hide(),$("#pointer").hide()})},haste.prototype.configureShortcuts=function(){var a=this;$(document.body).keydown(function(b){var c;for(var d=0;d<a.buttons.length;d++){c=a.buttons[d];if(c.shortcut&&c.shortcut(b)){b.preventDefault(),c.action();return}}})},$(function(){$("textarea").keydown(function(a){if(a.keyCode===9){a.preventDefault();var b="  ";if(document.selection)this.focus(),sel=document.selection.createRange(),sel.text=b,this.focus();else if(this.selectionStart||this.selectionStart=="0"){var c=this.selectionStart,d=this.selectionEnd,e=this.scrollTop;this.value=this.value.substring(0,c)+b+this.value.substring(d,this.value.length),this.focus(),this.selectionStart=c+b.length,this.selectionEnd=c+b.length,this.scrollTop=e}else this.value+=b,this.focus()}})})
\ No newline at end of file