Merge branch 'dev-FixingBracketsMOTDjs' into 'dev'

Security fix removing brackets from motd js

See merge request crafty-controller/crafty-4!296

app/frontend/static/assets/js/motd.js

@@ -22,19 +22,17 @@ var styleMap = {
     '§o': 'font-style:italic',
 };
 function obfuscate(string, elem) {
-    var magicSpan,
-        currNode;
-    if(string.indexOf('<br>') > -1) {
+    var magicSpan;
+    if (string.indexOf('<br>') > -1) {
         elem.innerHTML = string;
-        for(var j = 0, len = elem.childNodes.length; j < len; j++) {
-            currNode = elem.childNodes[j];
-            if(currNode.nodeType === 3) {
+        elem.childNodes.array.forEach(currNode => {
+            if (currNode.nodeType === 3) {
                 magicSpan = document.createElement('span');
                 magicSpan.innerHTML = currNode.nodeValue;
                 elem.replaceChild(magicSpan, currNode);
                 init(magicSpan);
             }
-        }
+        });
     } else {
         init(elem, string);
     }
@@ -42,77 +40,55 @@ function obfuscate(string, elem) {
         var i = 0,
             obsStr = str || el.innerHTML,
             len = obsStr.length;
-        obfuscators.push( window.setInterval(function () {
-            if(i >= len) i = 0;
+        obfuscators.push(window.setInterval(function () {
+            if (i >= len) i = 0;
             obsStr = replaceRand(obsStr, i);
             el.innerHTML = obsStr;
             i++;
-        }, 0) );
+        }, 0));
     }
     function randInt(min, max) {
-        return Math.floor( Math.random() * (max - min + 1) ) + min;
-    } 
+        return Math.floor(Math.random() * (max - min + 1)) + min;
+    }
     function replaceRand(string, i) {
-        var randChar = String.fromCharCode( randInt(64, 95) );
+        var randChar = String.fromCharCode(randInt(64, 95));
         return string.substr(0, i) + randChar + string.substr(i + 1, string.length);
     }
 }
 function applyCode(string, codes) {
     var elem = document.createElement('span'),
         obfuscated = false;
-    string = string.replace(/\x00*/g, '');
-    for(var i = 0, len = codes.length; i < len; i++) {
-        elem.style.cssText += styleMap[codes[i]] + ';';
-        if(codes[i] === '§k') {
+    codes.forEach(code => {
+        elem.style.cssText += styleMap[code] + ';';
+        if (code === '§k') {
             obfuscate(string, elem);
             obfuscated = true;
         }
-    }
-    if(!obfuscated) elem.innerHTML = string;
+    });
+    if (!obfuscated) elem.innerHTML = string;
     return elem;
 }
 function parseStyle(string) {
-    var codes = string.match(/§.{1}/g) || [],
-        indexes = [],
-        apply = [],
-        tmpStr,
-        deltaIndex,
-        noCode,
-        final = document.createDocumentFragment(),
-        i;
+    var final = document.createDocumentFragment();
+    console.log("STRING : " + string)
     string = string.replace(/\n|\\n/g, '<br>');
-    for(i = 0, len = codes.length; i < len; i++) {
-        indexes.push( string.indexOf(codes[i]) );
-        string = string.replace(codes[i], '\x00\x00');
-    }
-    if(indexes[0] !== 0) {
-        final.appendChild( applyCode( string.substring(0, indexes[0]), [] ) );
-    }
-    for(i = 0; i < len; i++) {
-    	indexDelta = indexes[i + 1] - indexes[i];
-        if(indexDelta === 2) {
-            while(indexDelta === 2) {
-                apply.push ( codes[i] );
-                i++;
-                indexDelta = indexes[i + 1] - indexes[i];
-            }
-            apply.push ( codes[i] );
-        } else {
-            apply.push( codes[i] );
+    string = string.split('§r');
+    string.forEach(item => {
+        var apply = [];
+        if (item.length > 0) {
+            apply = item.match(/§.{1}/g) || [];
+            apply.forEach(code => {
+                item = item.replace(code, '')
+            });
+            final.appendChild(applyCode(item, apply));
         }
-        if( apply.lastIndexOf('§r') > -1) {
-            apply = apply.slice( apply.lastIndexOf('§r') + 1 );
-        }
-        tmpStr = string.substring( indexes[i], indexes[i + 1] );
-        final.appendChild( applyCode(tmpStr, apply) );
-    }
+    });
     return final;
 }
 function clearObfuscators() {
-    var i = obfuscators.length;
-    for(;i--;) {
-        clearInterval(obfuscators[i]);
-    }
+    obfuscators.slice().reverse().forEach(item => {
+        clearInterval(item);
+    });
     obfuscators = [];
 }
 function initParser(input, output) {
@@ -120,7 +96,7 @@ function initParser(input, output) {
     var input = document.getElementById(input),
         output = document.getElementById(output);
     if (input != null && output != null) {
-        var parsed = parseStyle( input.innerHTML );
+        var parsed = parseStyle(input.innerHTML);
         output.innerHTML = '';
         output.appendChild(parsed);
     }

app/frontend/templates/public_base.html

@@ -49,8 +49,6 @@
   <script src="/static/assets/js/shared/off-canvas.js"></script>
   <script src="/static/assets/js/shared/hoverable-collapse.js"></script>
   <script src="/static/assets/js/shared/misc.js"></script>
-  <script src="/static/assets/js/shared/settings.js"></script>
-  <script src="/static/assets/js/shared/todolist.js"></script>
   <!-- endinject -->
   <script>