commit 4ea05ce0912ee25cc7779eb57496113f3f9ec258
parent 620b8abb2cd28d02b5be2ef14c4836e3c6fdf956
Author: Dan Stillman <dstillman@zotero.org>
Date: Mon, 14 Jan 2013 16:00:25 -0500
Strip control characters when inserting notes and displaying reports
Diffstat:
2 files changed, 12 insertions(+), 2 deletions(-)
diff --git a/chrome/content/zotero/xpcom/data/item.js b/chrome/content/zotero/xpcom/data/item.js
@@ -2441,7 +2441,10 @@ Zotero.Item.prototype.setNote = function(text) {
throw ("text must be a string in Zotero.Item.setNote() (was " + typeof text + ")");
}
- text = Zotero.Utilities.trim(text);
+ text = text
+ // Strip control characters
+ .replace(/[\u0000-\u0008\u000B\u000C\u000E-\u001F\u007F]/g, "")
+ .trim();
var oldText = this.getNote();
if (text == oldText) {
diff --git a/chrome/content/zotero/xpcom/report.js b/chrome/content/zotero/xpcom/report.js
@@ -79,7 +79,14 @@ Zotero.Report = new function() {
// If not valid XML, display notes with entities encoded
var parser = Components.classes["@mozilla.org/xmlextras/domparser;1"]
.createInstance(Components.interfaces.nsIDOMParser);
- var doc = parser.parseFromString('<div>' + arr.note.replace(/ /g, " ") + '</div>', "application/xml");
+ var doc = parser.parseFromString('<div>'
+ + arr.note
+ // isn't valid in HTML
+ .replace(/ /g, " ")
+ // Strip control characters (for notes that were
+ // added before item.setNote() started doing this)
+ .replace(/[\u0000-\u0008\u000B\u000C\u000E-\u001F\u007F]/g, "")
+ + '</div>', "application/xml");
if (doc.documentElement.tagName == 'parsererror') {
Zotero.debug(doc.documentElement.textContent, 2);
content += '<p class="plaintext">' + escapeXML(arr.note) + '</p>\n';
