* Chrome 94.0.4606.54: fix CSP error clicking on sidebox menu

Chrome 94 returns all but first single quote "'" in a href attribute as "%27" :(
This commit is contained in:
Ralf Becker 2021-09-22 14:43:51 +02:00
parent d518a2b118
commit 163c7287e6

View File

@ -143,14 +143,15 @@ import './slider.js';
var href_regexp = /^javascript:([^\(]+)\((.*)?\);?$/; var href_regexp = /^javascript:([^\(]+)\((.*)?\);?$/;
jQuery('#egw_fw_topmenu_items,#egw_fw_topmenu_info_items,#egw_fw_sidemenu,#egw_fw_footer').on('click','a[href^="javascript:"]',function(ev){ jQuery('#egw_fw_topmenu_items,#egw_fw_topmenu_info_items,#egw_fw_sidemenu,#egw_fw_footer').on('click','a[href^="javascript:"]',function(ev){
ev.stopPropagation(); // do NOT execute regular event, as it will violate CSP, when handler does NOT return false ev.stopPropagation(); // do NOT execute regular event, as it will violate CSP, when handler does NOT return false
var matches = this.href.match(href_regexp); // fix for Chrome 94.0.4606.54 returning all but first single quote "'" in href as "%27" :(
var matches = this.href.replace(/%27/g, "'").match(href_regexp);
var args = []; var args = [];
if (matches.length > 1 && matches[2] !== undefined) if (matches.length > 1 && matches[2] !== undefined)
{ {
try { try {
args = JSON.parse('['+matches[2]+']'); args = JSON.parse('['+matches[2]+']');
} }
catch(e) { // deal with '-encloded strings (JSON allows only ") catch(e) { // deal with '-enclosed strings (JSON allows only ")
args = JSON.parse('['+matches[2].replace(/','/g, '","').replace(/((^|,)'|'(,|$))/g, '$2"$3')+']'); args = JSON.parse('['+matches[2].replace(/','/g, '","').replace(/((^|,)'|'(,|$))/g, '$2"$3')+']');
} }
} }