Merge branch 'master' of git://github.com/gallery/gallery3

author: Nathan Kinkade <nath@nkinka.de> 2012-06-01 15:10:46 +0000
committer: Nathan Kinkade <nath@nkinka.de> 2012-06-01 15:10:46 +0000
commit: b52e834bd0bab530e98537d52b31d4b37f199739 (patch)
tree: ff31dd4f6c2afaeae380f10dc691cde3cb4e6739 /lib/gallery.common.js
parent: f5098f54b8279f468d94747b1156e15ea05d6d25 (diff)
parent: 4c98b218316df00c8bf3eeb28a8324ec64348bff (diff)
1 files changed, 28 insertions, 0 deletions
diff --git a/lib/gallery.common.js b/lib/gallery.common.js
index b499a2cd..755218f5 100644
--- a/lib/gallery.common.js
+++ b/lib/gallery.common.js
@@ -222,4 +222,32 @@
     });
   };
 
+  // Augment jQuery autocomplete to expect the first response line to
+  // be a <meta> tag that protects against UTF-7 attacks.
+  $.fn.gallery_autocomplete = function(url, options) {
+    // Drop the first response - it should be a meta tag
+    options.parse = function(data) {
+      var parsed = [];
+      var rows = data.split("\n");
+      if (rows[0].indexOf("<meta") == -1) {
+        throw 'Missing <meta> tag in first line of autocomplete response';
+      }
+      rows.shift();  // drop <META> tag
+      for (var i=0; i < rows.length; i++) {
+        var row = $.trim(rows[i]);
+        if (row) {
+          row = row.split("|");
+          parsed[parsed.length] = {
+            data: row,
+            value: row[0],
+            result: row[0]
+          };
+        }
+      }
+      return parsed;
+    };
+
+    $(this).autocomplete(url, options);
+  };
+
 })(jQuery);
author	Nathan Kinkade <nath@nkinka.de>	2012-06-01 15:10:46 +0000
committer	Nathan Kinkade <nath@nkinka.de>	2012-06-01 15:10:46 +0000
commit	b52e834bd0bab530e98537d52b31d4b37f199739 (patch)
tree	ff31dd4f6c2afaeae380f10dc691cde3cb4e6739 /lib/gallery.common.js
parent	f5098f54b8279f468d94747b1156e15ea05d6d25 (diff)
parent	4c98b218316df00c8bf3eeb28a8324ec64348bff (diff)