Remove Potential Object Injection Sink

Sebastian Meyer 2020-03-04 14:36:31 +01:00
parent 09ddbc9d32
commit cfc817de9d
5 changed files with 28 additions and 29 deletions


@ -26,7 +26,7 @@ var dlfAudioPlayer = function (settings) {
var format = dlfAudioPlayer.JPLAYER_MIMETYPE_FORMAT_MAPPING[audioOptions.mimeType] !== undefined
? dlfAudioPlayer.JPLAYER_MIMETYPE_FORMAT_MAPPING[audioOptions.mimeType]
: 'mp3';
audioOptions[format] = audioOptions.url;
audioOptions[String(format)] = audioOptions.url;
//
// Load params
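Review bot: Wrapping the key in `String(format)` on the assignment line does not change which property is written, because bracket keys are already coerced to strings; the value that stays unchecked is `audioOptions.mimeType` in the lookup just above it. Assuming the mapping is a plain object, that lookup also resolves inherited names such as `constructor`, so `format` can end up as something other than a jPlayer format string. Restricting the lookup to own properties would close that: `var mapping = dlfAudioPlayer.JPLAYER_MIMETYPE_FORMAT_MAPPING;` followed by `var format = Object.prototype.hasOwnProperty.call(mapping, audioOptions.mimeType) ? mapping[audioOptions.mimeType] : 'mp3';`. Whether `mimeType` can be influenced from outside is not visible in this hunk, and the enclosing function continues beyond it.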


@ -44,7 +44,7 @@ function DlfAnnotationControl(map, image, annotationContainers) {
dlfUtils.parseDataDic($('#tx-dlf-tools-annotations')) :
{'annotations-on':'Display Annotations','annotations-off':'Hide Annotations'};
this.layers_ = {
this.layers_ = {
annotationList: new ol.layer.Vector({
'source': new ol.source.Vector(),
'style': dlfViewerOL3Styles.defaultStyle()
@ -100,7 +100,7 @@ function DlfAnnotationControl(map, image, annotationContainers) {
}, this),
mapHover: $.proxy(function(event){
mapHover: $.proxy(function(event){
// hover in case of dragging
if (event['dragging']) {
return;
@ -213,8 +213,7 @@ function DlfAnnotationControl(map, image, annotationContainers) {
this.activate(anchorEl);
}
}
DlfAnnotationControl.prototype.showAnnotationText = function(featuresParam) {
var features = featuresParam === undefined ? this.annotationData : featuresParam;
if (features !== undefined) {
@ -238,9 +237,9 @@ DlfAnnotationControl.prototype.showAnnotationText = function(featuresParam) {
}
}
};
DlfAnnotationControl.prototype.activate = function() {
var controlEl = $('#tx-dlf-tools-annotations');
// Fetch annotation lists from server if the method is called for the first time
@ -268,9 +267,9 @@ DlfAnnotationControl.prototype.activate = function() {
// trigger event
$(this).trigger("activate-annotations", this);
};
DlfAnnotationControl.prototype.deactivate = function() {
var controlEl = $('#tx-dlf-tools-annotations');
// deactivate annotations
@ -288,7 +287,7 @@ DlfAnnotationControl.prototype.disableAnnotationSelect = function() {
// remove layers
for (var key in this.layers_) {
if (this.layers_.hasOwnProperty(key)) {
this.map.removeLayer(this.layers_[key]);
this.map.removeLayer(this.layers_[String(key)]);
}
};
var className = 'fulltext-visible';
@ -309,7 +308,7 @@ DlfAnnotationControl.prototype.enableAnnotationSelect = function(textBlockFeatur
// add layers to map
for (var key in this.layers_) {
if (this.layers_.hasOwnProperty(key)) {
this.map.addLayer(this.layers_[key]);
this.map.addLayer(this.layers_[String(key)]);
}
};
// show annotation container
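Review bot: In the `for (var key in this.layers_)` loops of `disableAnnotationSelect` and `enableAnnotationSelect`, `String(key)` is a no-op, since `for...in` already yields string keys and the `hasOwnProperty` guard on the preceding line is what restricts the access. The change therefore only quiets the linter without altering behaviour; the same applies to the two loops in `disableFulltextSelect` and `enableFulltextSelect` further down the page. I would either keep `this.layers_[key]` with a comment such as `// key comes from for...in over our own object and is checked with hasOwnProperty`, or iterate `Object.keys(this.layers_)` directly. Both function bodies start and end outside the hunks shown.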


@ -16,9 +16,9 @@
* @param {number=} opt_offset
*/
var DlfIiifAnnotationParser = function(opt_imageObj, opt_width, opt_height, opt_offset) {
// get width and height either from image info.json or from canvas information
/**
* @type {Object|undefined}
* @private
@ -88,13 +88,13 @@ DlfIiifAnnotationParser.prototype.parseAnnotationList = function(annotationList,
var minX, maxX, minY, maxY, annotationFeatures = [];
for (var i = 0; i < annotationList.resources.length; i++) {
var annotation = annotationList.resources[i];
var onCanvas = DlfIiifAnnotationParser.getTargetIdentifierWithoutFragment(annotation.on);
if (currentCanvas != onCanvas) continue;
var feature = this.parseAnnotation(annotation);
// Determine the dimension of the AnnotationList
@ -112,14 +112,14 @@ DlfIiifAnnotationParser.prototype.parseAnnotationList = function(annotationList,
annotationListId = this.generateId_(width, height, minX, minY),
scale = this.image_.width / this.width_,
coordinatesRescale = [];
for (var i = 0; i < listCoordinatesWithoutScale[0].length; i++) {
coordinatesRescale.push([( scale * listCoordinatesWithoutScale[0][i][0]),
coordinatesRescale.push([(scale * listCoordinatesWithoutScale[0][i][0]),
0 - (scale * listCoordinatesWithoutScale[0][i][1])]);
};
var listGeometry = new ol.geom.Polygon([coordinatesRescale]),
listFeature = new ol.Feature(listGeometry);
listFeature.setId(annotationListId);
listFeature.setProperties({
'type': 'annotationList',
@ -135,7 +135,7 @@ DlfIiifAnnotationParser.prototype.parseAnnotationList = function(annotationList,
listFeature.getAnnotations = function() {
return annotationFeatures;
};
return listFeature;
};
@ -156,7 +156,7 @@ DlfIiifAnnotationParser.prototype.parseGeometry = function(annotation) {
coordinatesRescale = [];
for (var i = 0; i < coordinatesWithoutScale[0].length; i++) {
coordinatesRescale.push([offset + ( scale * coordinatesWithoutScale[0][i][0]),
coordinatesRescale.push([offset + (scale * coordinatesWithoutScale[0][i][0]),
0 - (scale * coordinatesWithoutScale[0][i][1])]);
};
@ -200,5 +200,5 @@ DlfIiifAnnotationParser.getTargetIdentifierWithoutFragment = function(uri) {
if (uri == null) {
return null;
}
return uri.split("#")[0];
}
return uri.split("#")[0];
}


@ -335,7 +335,7 @@ dlfViewerFullTextControl.prototype.disableFulltextSelect = function() {
// remove layers
for (var key in this.layers_) {
if (this.layers_.hasOwnProperty(key)) {
this.map.removeLayer(this.layers_[key]);
this.map.removeLayer(this.layers_[String(key)]);
}
};
@ -364,7 +364,7 @@ dlfViewerFullTextControl.prototype.enableFulltextSelect = function(textBlockFeat
// add layers to map
for (var key in this.layers_) {
if (this.layers_.hasOwnProperty(key)) {
this.map.addLayer(this.layers_[key]);
this.map.addLayer(this.layers_[String(key)]);
}
};
@ -421,7 +421,7 @@ dlfViewerFullTextControl.prototype.showFulltext = function(features) {
for (var j = 0; j < textlines.length; j++) {
var textLineSpan = $('<span class="textline" id="' + textlines[j].getId() + '">');
var content = textlines[j].get('content');
for (var k = 0; k < content.length; k++) {
var span = $('<span class="' + content[k].get('type') + '" id="' + content[k].getId() + '"/>');
var spanText = content[k].get('fulltext');
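Review bot: The lines in `showFulltext` build markup by string concatenation, `$('<span class="textline" id="' + textlines[j].getId() + '">')` and the `content[k]` span after it, so a quote or angle bracket in an id or type value would be parsed as HTML by jQuery. This is a more direct injection sink than the bracket accesses this commit wraps in `String()`, and it is left as it was. If the feature ids and types are derived from the loaded full-text document (not visible here), I would create the element first and set the attributes separately, e.g. `$('<span/>').addClass('textline').attr('id', textlines[j].getId())`. The function body continues outside the hunk.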


@ -129,7 +129,7 @@ dlfViewerImageManipulationControl = function(options) {
glif.reset();
for (var filter in this.filters_) {
glif.addFilter(filter, this.filters_[filter]);
glif.addFilter(filter, this.filters_[String(filter)]);
};
this.filterUpdated_ = false;
@ -154,7 +154,7 @@ dlfViewerImageManipulationControl = function(options) {
for (var i = 0; i < sliderEls.length; i++) {
var sliderEl = sliderEls[i],
type = sliderEl.getAttribute('data-type'),
value = FILTERS_DEFAULT_[type];
value = FILTERS_DEFAULT_[String(type)];
$(sliderEl).slider('value', value);
};
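Review bot: The `for (var filter in this.filters_)` loop has no own-property guard, unlike the layer loops in the other controls, and `String(filter)` adds nothing because `for...in` keys are already strings. Likewise `FILTERS_DEFAULT_[String(type)]` still looks up whatever the `data-type` attribute holds, which on a plain object includes inherited names such as `constructor`. I would add `if (!Object.prototype.hasOwnProperty.call(this.filters_, filter)) { continue; }` at the top of the first loop and check `Object.prototype.hasOwnProperty.call(FILTERS_DEFAULT_, type)` before passing `value` to `.slider('value', value)`. Both loops sit inside a larger function that starts outside these hunks.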