diff --git a/completions.js b/completions.js
index 55ddaab..64e8e22 100644
--- a/completions.js
+++ b/completions.js
@@ -112,17 +112,17 @@ completions.dh.callback = function(response) {
 var res = JSON.parse(response.text);
 Omnibar.listResults(res.results, function(s) {
 var meta = ""
- , repo = s.repo_name;
- meta += "[★" + s.star_count + "] ";
- meta += "[↓" + s.pull_count + "] ";
+ , repo = escape(s.repo_name);
+ meta += "[★" + escape(s.star_count) + "] ";
+ meta += "[↓" + escape(s.pull_count) + "] ";
 if (repo.indexOf("/") === -1) {
 repo = "_/" + repo;
 }
 var li = $('
  • ').html(`
    -
    ${s.repo_name}
    +
    ${escape(s.repo_name)}
    ${meta}
    -
    ${s.short_description}
    +
    ${escape(s.short_description)}
    `); li.data('url', "https://hub.docker.com/r/" + repo); @@ -165,8 +165,8 @@ completions.do.callback = function(response) { var domains = []; res.map(function(r){ var d = { - id: r.domain.replace('.', '-'), - domain: r.domain + id: escape(r.domain).replace('.', '-'), + domain: escape(r.domain) }; domains.push(d); }); @@ -180,7 +180,7 @@ completions.do.callback = function(response) { }, function(sresponse) { var sres = JSON.parse(sresponse.text).status; sres.map(function(s) { - var id = "#sk-domain-" + s.domain.replace('.', '-') + var id = "#sk-domain-" + escape(s.domain).replace('.', '-') , available = s.summary === "inactive" , color = available ? "#23b000" : "#ff4d00" , symbol = available ? "✔ " : "✘ "; @@ -288,8 +288,11 @@ completions.de.callback = function(response) { }); }); Omnibar.listResults(defs, function(d) { - var li = $('
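Review bot: `repo = escape(s.repo_name)` feeds an HTML-escaped string into logic that is not HTML: the escape regex at the end of the diff includes `/`, so `repo.indexOf("/") === -1` is always true, every entry gets the `_/` prefix, and `li.data('url', "https://hub.docker.com/r/" + repo)` ends up with an entity where the slash was. Keep the raw name for the namespace check and the URL, `, repo = s.repo_name;`, and escape only at display, which the template already does with `escape(s.repo_name)`. The `escape()` calls on `s.star_count` and `s.pull_count` are harmless for numeric counts but add nothing. The listResults callback continues outside the hunk.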
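Review bot: `escape(r.domain).replace('.', '-')` replaces only the first dot because the pattern is a string, so `a.b.c` becomes `a-b.c`, and the next hunk builds a selector `"#sk-domain-" + ...` from the same expression where the remaining `.` is read as a class selector. Use a global pattern in both places, `id: escape(r.domain).replace(/\./g, '-'),`. Escaping before slugging also means an entity such as the one produced for `&` can land inside an element id and a jQuery selector; if `r.domain` is a validated hostname that cannot happen, otherwise derive the id from a stricter slug (letters, digits, `-`) rather than from the HTML-escaped text.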
  • ').html(`
    ${d[0]} ${d[1]} ${d[2]}
    `); - li.data('url', "http://onelook.com/?w=" + d[0]); + var word = escape(d[0]); + var pos = escape(d[1]); + var def = escape(d[2]); + var li = $('
  • ').html(`
    ${word} ${pos} ${def}
    `); + li.data('url', "http://onelook.com/?w=" + encodeURIComponent(d[0])); return li; }); }; @@ -307,16 +310,14 @@ completions.th.callback = function(response) { var defs = []; res.map(function(r){ if (!r.defs || r.defs.length === 0) { - defs.push([r.word, "", ""]); + defs.push([escape(r.word), "", ""]); return; } r.defs.map(function(d) { d = d.split("\t"); - - var sp = "(" + d[0] + ")", - def = d[1]; - - defs.push([r.word, sp, def]); + var sp = "(" + escape(d[0]) + ")"; + var def = escape(d[1]); + defs.push([escape(r.word), sp, def]); }); }); Omnibar.listResults(defs, function(d) { @@ -358,8 +359,8 @@ completions.wa.callback = function(response) { Omnibar.listResults([""], function() { var li = $('
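Review bot: The th hunk stores already-escaped strings in `defs` (`escape(r.word)`, `escape(d[0])`, `escape(d[1])`), whereas the de hunk above keeps `defs` raw and escapes inside its listResults callback; the th callback lies outside the hunk, so if it also escapes, or builds a URL from `d[0]` as de does with `encodeURIComponent(d[0])`, the values are escaped twice or an entity ends up in the query string. Keep one layer — raw data in `defs`, escaping at render — so the two callbacks stay parallel. Minor: `d = d.split("\t")` reassigns the callback parameter; `var parts = d.split("\t");` reads more clearly.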
  • ').html(`
    -
    Error (Code ${res.error.code})
    -
    ${res.error.msg}
    +
    Error (Code ${escape(res.error.code)})
    +
    ${escape(res.error.msg)}
    `); return li; @@ -373,7 +374,7 @@ completions.wa.callback = function(response) { var li = $('
  • ').html(`
    No Results
    -
    ${res.tips.text}
    +
    ${escape(res.tips.text)}
    `); return li; @@ -384,7 +385,7 @@ completions.wa.callback = function(response) { var li = $('
  • ').html(`
    Did you mean...?
    -
    ${s.val}
    +
    ${escape(s.val)}
    `); return li; @@ -396,7 +397,7 @@ completions.wa.callback = function(response) { var results = []; res.pods.map(function(p){ var result = { - title: p.title, + title: escape(p.title), values: [], url: "http://www.wolframalpha.com/input/?i=", }; @@ -406,9 +407,9 @@ completions.wa.callback = function(response) { if (!sp.plaintext) return; var v = ""; if (sp.title) { - v += `${sp.title}: `; + v += `${escape(sp.title)}: `; } - v += sp.plaintext; + v += escape(sp.plaintext); result.values.push(`
    ${v}
    `); }); } @@ -445,24 +446,24 @@ completions.co.callback = function(response) { res.map(function(rr){ var r = rr.properties; var p = { - name: r.name, - domain: r.domain, - desc: r.short_description, - role: r.primary_role, + name: escape(r.name), + domain: escape(r.domain), + desc: escape(r.short_description), + role: escape(r.primary_role), img: blank, loc: "", - url: "https://www.crunchbase.com/" + r.web_path + url: "https://www.crunchbase.com/" + encodeURIComponent(r.web_path) }; - p.loc += (r.city_name !== null) ? r.city_name : ""; - p.loc += (r.region_name !== null && p.loc !== "") ? ", " : ""; - p.loc += (r.region_name !== null) ? r.region_name : ""; - p.loc += (r.country_code !== null && p.loc !== "") ? ", " : ""; - p.loc += (r.country_code !== null) ? r.country_code : ""; - p.loc += (p.loc === "") ? "Earth" : ""; + p.loc += (r.city_name !== null) ? escape(r.city_name) : ""; + p.loc += (r.region_name !== null && p.loc !== "") ? ", " : ""; + p.loc += (r.region_name !== null) ? escape(r.region_name) : ""; + p.loc += (r.country_code !== null && p.loc !== "") ? ", " : ""; + p.loc += (r.country_code !== null) ? escape(r.country_code) : ""; + p.loc += (p.loc === "") ? "Earth" : ""; if (r.profile_image_url !== null) { - var url = r.profile_image_url + var url = encodeURIComponent(r.profile_image_url) , path = url.split('/') , img = path[path.length-1]; p.img = "http://public.crunchbase.com/t_api_images/v1402944794/c_pad,h_50,w_50/" + img; 
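Review bot: `var url = encodeURIComponent(r.profile_image_url)` encodes every `/` as `%2F` before `url.split('/')`, so `path` has a single element and `img` becomes the whole encoded URL appended to the thumbnail base; the cp hunk below has the order right. Change the three lines to `var url = r.profile_image_url`, `, path = url.split('/')`, `, img = encodeURIComponent(path[path.length-1]);`. In both this hunk and the cp hunk, `"https://www.crunchbase.com/" + encodeURIComponent(r.web_path)` has the same problem if `web_path` is a multi-segment path, which its name suggests; encode per segment, e.g. `r.web_path.split('/').map(encodeURIComponent).join('/')`, so the link still resolves.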
@@ -504,29 +505,29 @@ completions.cp.callback = function(response) { res.map(function(rr){ var r = rr.properties; var p = { - name: r.first_name + " " + r.last_name, + name: escape(r.first_name) + " " + escape(r.last_name), desc: "", img: blank, loc: "", - url: "https://www.crunchbase.com/" + r.web_path + url: "https://www.crunchbase.com/" + encodeURIComponent(r.web_path) }; - p.desc += (r.title !== null) ? r.title : ""; - p.desc += (r.organization_name !== null && p.desc !== "") ? ", " : ""; - p.desc += (r.organization_name !== null) ? r.organization_name : ""; - p.desc += (p.desc === "") ? "Human" : ""; + p.desc += (r.title !== null) ? escape(r.title) : ""; + p.desc += (r.organization_name !== null && p.desc !== "") ? ", " : ""; + p.desc += (r.organization_name !== null) ? escape(r.organization_name) : ""; + p.desc += (p.desc === "") ? "Human" : ""; - p.loc += (r.city_name !== null) ? r.city_name : ""; - p.loc += (r.region_name !== null && p.loc !== "") ? ", " : ""; - p.loc += (r.region_name !== null) ? r.region_name : ""; - p.loc += (r.country_code !== null && p.loc !== "") ? ", " : ""; - p.loc += (r.country_code !== null) ? r.country_code : ""; - p.loc += (p.loc === "") ? "Earth" : ""; + p.loc += (r.city_name !== null) ? escape(r.city_name) : ""; + p.loc += (r.region_name !== null && p.loc !== "") ? ", " : ""; + p.loc += (r.region_name !== null) ? escape(r.region_name) : ""; + p.loc += (r.country_code !== null && p.loc !== "") ? ", " : ""; + p.loc += (r.country_code !== null) ? escape(r.country_code) : ""; + p.loc += (p.loc === "") ? "Earth" : ""; if (r.profile_image_url !== null) { var url = r.profile_image_url , path = url.split('/') - , img = path[path.length-1]; + , img = encodeURIComponent(path[path.length-1]); p.img = "http://public.crunchbase.com/t_api_images/v1402944794/c_pad,h_50,w_50/" + img; } 
@@ -605,25 +606,25 @@ completions.hx = { completions.hx.callback = function(response) { var res = JSON.parse(response.text); Omnibar.listResults(res, function(s) { - var dls = "" - , desc = "" - , liscs = ""; + var dls = "" + , desc = "" + , liscs = ""; if (s.downloads && s.downloads.all) { - dls = "[↓" + s.downloads.all + "] "; + dls = "[↓" + escape(s.downloads.all) + "] "; } if(s.meta) { if (s.meta.description) { - desc = s.meta.description; + desc = escape(s.meta.description); } if (s.meta.licenses) { s.meta.licenses.forEach(function(l) { - liscs += "[©" + l + "] "; + liscs += "[©" + escape(l) + "] "; }); } } var li = $('
  • ').html(`
    -
    ${s.repository}/${s.name}
    +
    ${escape(s.repository)}/${escape(s.name)}
    ${dls}${liscs}
    ${desc}
    @@ -649,26 +650,26 @@ completions.hd.callback = function(response) { , desc = "" , liscs = ""; if (s.downloads && s.downloads.all) { - dls = "[↓" + s.downloads.all + "]"; + dls = "[↓" + escape(s.downloads.all) + "]"; } if(s.meta) { if (s.meta.description) { - desc = s.meta.description; + desc = escape(s.meta.description); } if (s.meta.licenses) { s.meta.licenses.forEach(function(l) { - liscs += "[©" + l + "] "; + liscs += "[©" + escape(l) + "] "; }); } } var li = $('
  • ').html(`
    -
    ${s.repository}/${s.name}
    +
    ${escape(s.repository)}/${escape(s.name)}
    ${dls}${liscs}
    ${desc}
    `); - li.data('url', "https://hexdocs.pm/" + s.name); + li.data('url', "https://hexdocs.pm/" + encodeURIComponent(s.name)); return li; }); }; @@ -685,7 +686,7 @@ completions.ex = { completions.ex.callback = function(response) { var res = JSON.parse(response.text).items; Omnibar.listResults(res, function(s) { - var snippet = s.htmlSnippet; + var snippet = s.htmlSnippet; var hash = ""; // Hacky way to extract the desired function's @@ -725,10 +726,10 @@ completions.ex.callback = function(response) { a2 += closeArgs.length; var fargs = snippetEnd.slice(a1, a2); var fary = fargs.replace(new RegExp(openArgs + closeArgs), '').split(',').length; - hash = fname + '/' + fary; + hash = escape(fname + '/' + fary); })(); - var moduleName = s.title.split(' –')[0]; + var moduleName = escape(s.title).split(' –')[0]; var subtitle = ""; if (hash) { @@ -893,17 +894,19 @@ completions.md = { completions.md.callback = function(response) { var res = JSON.parse(response.text); Omnibar.listResults(res.documents, function(s) { - var excerpt = s.excerpt; + var excerpt = escape(s.excerpt); if(excerpt.length > 240) { excerpt = excerpt.slice(0, 240) + '…'; } res.query.split(" ").forEach(function(q) { excerpt = excerpt.replace(new RegExp(q, 'gi'), "$&"); }); + var title = escape(s.title); + var slug = escape(s.slug); var li = $('
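Review bot: `hash = escape(fname + '/' + fary)` runs the HTML escaper over a value whose `/` carries meaning (`name/arity`), and since `/` is in the escape set the slash becomes an HTML entity; if `hash` is later appended to the docs URL as an anchor, which its use after `if (hash) {` outside the hunk suggests, it will no longer match. Build it raw, `hash = fname + '/' + fary;`, and escape only where it is interpolated into the HTML subtitle, or `encodeURIComponent` it on the URL side. The same applies to `escape(s.title).split(' –')[0]`: if `moduleName` is also used for the link, split first and escape at the point of display.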
  • ').html(`
    -
    ${s.title}
    -
    ${s.slug}
    +
    ${title}
    +
    ${slug}
    ${excerpt}
    `); @@ -927,17 +930,17 @@ completions.np.callback = function(response) { , desc = "" , stars = ""; if (s.package.description) { - desc = s.package.description; + desc = escape(s.package.description); } if(s.score) { if (s.score.final) { - score = Math.round(s.score.final * 5); + score = Math.round(Number(s.score.final) * 5); stars = "★".repeat(score) + "☆".repeat(5-score); } } if (s.flags) { Object.keys(s.flags).forEach(function(f) { - flags += "[ " + f + "] "; + flags += "[ " + escape(f) + "] "; }); } var li = $('
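Review bot: `excerpt` is escaped first and only then cut by `excerpt.slice(0, 240)`, so the boundary can fall inside an entity produced by `escape()` and render a partial entity; truncate the raw text and escape afterwards: `var excerpt = s.excerpt;` … slice as before … `excerpt = escape(excerpt);`. The highlight loop then runs `new RegExp(q, 'gi')` with the raw query term over the escaped text: regex metacharacters in the query throw or match oddly (pre-existing), and a term such as `amp` now matches inside an entity and splits it with the highlight markup. Escape each term for regex use, `q.replace(/[.*+?^${}()|[\]\\]/g, '\\$&')`, and skip empty terms before building the pattern.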
  • ').html(` @@ -947,7 +950,7 @@ completions.np.callback = function(response) { font-weight: bold; } -
    ${s.highlight}
    +
    ${escape(s.highlight)}
    ${stars} ${flags} @@ -1069,6 +1072,21 @@ function google_cx_publicurl(alias) { return `https://cse.google.com/cse/publicurl?cx=${keys[key]}&q=`; } +function escape(str) { + return String(str).replace(/[&<>"'`=\/]/g, function(s) { + return { + '&': '&', + '<': '<', + '>': '>', + '"': '"', + "'": ''', + '/': '/', + '`': '`', + '=': '=' + }[s]; + }); +} + if (typeof module !== 'undefined' && typeof module.exports !== 'undefined') { module.exports = completions; }
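Review bot: `escape(s.highlight)` may be escaping a field that is meant to carry markup: the same hunk keeps a `font-weight: bold` rule for highlighting, which suggests `highlight` arrives pre-marked from the search API; if so the tags are now displayed literally, and if not, the rule has nothing to apply to. The element markup is lost in this rendering of the diff, so this is inferred — confirm the API's shape and either pass `highlight` through a proper HTML sanitizer instead of `escape()` or drop the unused style.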
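Review bot: `function escape(str)` is declared at file scope and shadows the legacy global `escape()`, so any other caller of the built-in in this file — or on the page, if the file is loaded as a plain script — silently gets HTML escaping instead of percent-escaping. Rename it `escapeHtml` (the declaration is hoisted, so the call sites in this diff update mechanically) and document the contract: `/** HTML-escape a value for element content or attribute values. Also replaces /, = and backtick, so the result must not be reused as a URL, id or selector. */`. `String(str)` turns `null`/`undefined` into the words `null`/`undefined`, which matches what the old string concatenation printed, so behaviour there is unchanged. The replacement table appears in this rendering with its entity values decoded (`'&': '&'`), so the mapping itself could not be reviewed from this view.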