Merge pull request #931 from frknbasaran/server-1437

ar2rsawseen · web-flow · commit 5fa110c8719e · 2019-07-08T19:57:13.000+03:00
[server-1437] Runtime replacement of word Countly.
diff --git a/frontend/express/app.js b/frontend/express/app.js
@@ -3,6 +3,7 @@ process.title = "countly: dashboard node " + process.argv[1];
 
 var versionInfo = require('./version.info'),
     COUNTLY_VERSION = versionInfo.version,
+    COUNTLY_COMPANY = versionInfo.company || '',
     COUNTLY_TYPE = versionInfo.type,
     COUNTLY_PAGE = versionInfo.page = (!versionInfo.title) ? "http://count.ly" : null,
     COUNTLY_NAME = versionInfo.title = versionInfo.title || "Countly",
@@ -573,6 +574,7 @@ app.use(function(req, res, next) {
     req.template.css = "";
     req.template.form = "";
     req.countly = {
+        company: COUNTLY_COMPANY,
         version: COUNTLY_VERSION,
         type: COUNTLY_TYPE,
         page: COUNTLY_PAGE,
@@ -785,6 +787,7 @@ function renderDashboard(req, res, next, member, adminOfApps, userOfApps, countl
         _.extend(req.config, configs);
         var countlyGlobal = {
             countlyTitle: req.countly.title,
+            company: req.countly.company,
             languages: languages,
             countlyVersion: req.countly.version,
             countlyFavicon: req.countly.favicon,
diff --git a/frontend/express/public/javascripts/countly/countly.template.js b/frontend/express/public/javascripts/countly/countly.template.js
@@ -1235,6 +1235,12 @@ var AppRouter = Backbone.Router.extend({
             path: [countlyGlobal.cdn + 'localization/min/'],
             mode: 'map',
             callback: function() {
+                for (var key in jQuery.i18n.map) {
+                    if (countlyGlobal.company) {
+                        jQuery.i18n.map[key] = jQuery.i18n.map[key].replace(new RegExp("Countly", 'ig'), countlyGlobal.company);
+                    }
+                    jQuery.i18n.map[key] = countlyCommon.encodeSomeHtml(jQuery.i18n.map[key]);
+                }
                 self.origLang = JSON.stringify(jQuery.i18n.map);
             }
         });
@@ -1537,6 +1543,13 @@ var AppRouter = Backbone.Router.extend({
                     path: [countlyGlobal.cdn + 'localization/min/'],
                     mode: 'map',
                     callback: function() {
+                        for (var key in jQuery.i18n.map) {
+                            if (countlyGlobal.company) {
+                                jQuery.i18n.map[key] = jQuery.i18n.map[key].replace(new RegExp("Countly", 'ig'), countlyGlobal.company);
+                            }
+                            jQuery.i18n.map[key] = countlyCommon.encodeSomeHtml(jQuery.i18n.map[key]);
+                        }
+
                         self.origLang = JSON.stringify(jQuery.i18n.map);
                         $.when(countlyLocation.changeLanguage()).then(function() {
                             self.activeView.render();
diff --git a/frontend/express/public/javascripts/pre-login.js b/frontend/express/public/javascripts/pre-login.js
@@ -1,4 +1,4 @@
-/*global store, jQuery, $, document, countlyGlobal*/
+/*global store, jQuery, $, document, countlyGlobal, filterXSS */
 
 /**
  * Javascript file loaded on pre login pages with some handy global functions
@@ -19,6 +19,36 @@ function showMessage(key, prop) {
     $("#message").html(jQuery.i18n.prop(key, prop));
 }
 
+var htmlEncodeOptions = {
+    "whiteList": {"a": ["href", "class", "target"], "b": [], "br": [], "strong": [], "p": [], "span": ["class"], "div": ["class"]},
+    onTagAttr: function(tag, name, value/* isWhiteAttr*/) {
+        if (tag === "a") {
+            if (name === "target" && !(value === "_blank" || value === "_self" || value === "_top" || value === "_parent")) {
+                return "target='_blank'"; //set _blank if incorrect value
+            }
+
+            if (name === "href" && !(value.substr(0, 1) === "#" || value.substr(0, 1) === "/" || value.substr(0, 4) === "http")) {
+                return "href='#'"; //set # if incorrect value
+            }
+        }
+    }
+};
+
+/**
+* Encode some tags, leaving those set in whitelist as they are.
+* @param {string} html - value to encode
+* @param {object} options for encoding. Optional. If not passed, using default in common.
+* @returns {string} encode string
+*/
+function encodeSomeHtml(html, options) {
+    if (options) {
+        return filterXSS(html, options);
+    }
+    else {
+        return filterXSS(html, htmlEncodeOptions);
+    }
+}
+
 /**
 * By default only pre-login property file localization is available on prelogin pages, but you can additionally load other localization files, like for example needed for your plugin, using this function
 * @param {string} name - base name of the property file without the locale/language. Should be the same name as your plugin
@@ -39,8 +69,12 @@ function addLocalization(name, path, callback) {
         language: lang,
         callback: function() {
             $.each(jQuery.i18n.map, function(key, value) {
-                langs[key] = value;
+                if (countlyGlobal.company) {
+                    langs[key] = value.replace(new RegExp("Countly", 'ig'), countlyGlobal.company);
+                }
+                langs[key] = encodeSomeHtml(value);
             });
+
             jQuery.i18n.map = langs;
 
             $("[data-localize]").each(function() {
@@ -82,10 +116,12 @@ $(document).ready(function() {
         mode: 'map',
         language: lang,
         callback: function() {
-            // Localization test
-            //$.each(jQuery.i18n.map, function(key, value) {
-            //	jQuery.i18n.map[key] = key;
-            //});
+            $.each(jQuery.i18n.map, function(key, value) {
+                if (countlyGlobal.company) {
+                    jQuery.i18n.map[key] = value.replace(new RegExp("Countly", 'ig'), countlyGlobal.company);
+                }
+                jQuery.i18n.map[key] = encodeSomeHtml(value);
+            });
 
             $("[data-localize]").each(function() {
                 var elem = $(this),
diff --git a/frontend/express/views/forgot.html b/frontend/express/views/forgot.html
@@ -79,6 +79,7 @@
 	<script language="javascript" type="text/javascript" src="javascripts/dom/jquery.noisy.min.js"></script>
 	<script language="javascript" type="text/javascript" src="javascripts/utils/store+json2.min.js"></script>
 	<script language="javascript" type="text/javascript" src="javascripts/utils/jquery.i18n.properties-min-1.0.9.js"></script>
+	<script language="javascript" type="text/javascript" src="javascripts/utils/jquery.xss.js"></script>
 	<script language="javascript" type="text/javascript" src="javascripts/countly/countly.helpers.js"></script>
 	<script language="javascript" type="text/javascript" src="javascripts/pre-login.js"></script>
 	<script>
diff --git a/frontend/express/views/login.html b/frontend/express/views/login.html
@@ -86,6 +86,7 @@
 	<script language="javascript" type="text/javascript" src="javascripts/dom/jquery.noisy.min.js"></script>
 	<script language="javascript" type="text/javascript" src="javascripts/utils/store+json2.min.js"></script>
 	<script language="javascript" type="text/javascript" src="javascripts/utils/jquery.i18n.properties-min-1.0.9.js"></script>
+	<script language="javascript" type="text/javascript" src="javascripts/utils/jquery.xss.js"></script>
 	<script language="javascript" type="text/javascript" src="javascripts/pre-login.js"></script>
 	<script>
         var countlyTitle = "<%- countlyTitle %>";
diff --git a/frontend/express/views/reset.html b/frontend/express/views/reset.html
@@ -83,6 +83,7 @@
 	<script language="javascript" type="text/javascript" src="../javascripts/dom/jquery.noisy.min.js"></script>
 	<script language="javascript" type="text/javascript" src="../javascripts/utils/store+json2.min.js"></script>
 	<script language="javascript" type="text/javascript" src="../javascripts/utils/jquery.i18n.properties-min-1.0.9.js"></script>
+	<script language="javascript" type="text/javascript" src="../javascripts/utils/jquery.xss.js"></script>
 	<script language="javascript" type="text/javascript" src="../javascripts/pre-login.js"></script>
 	<script>
         var countlyTitle = "<%- countlyTitle %>";
diff --git a/frontend/express/views/setup.html b/frontend/express/views/setup.html
@@ -81,6 +81,7 @@
 	<script language="javascript" type="text/javascript" src="javascripts/dom/jquery.noisy.min.js"></script>
 	<script language="javascript" type="text/javascript" src="javascripts/utils/store+json2.min.js"></script>
 	<script language="javascript" type="text/javascript" src="javascripts/utils/jquery.i18n.properties-min-1.0.9.js"></script>
+    <script language="javascript" type="text/javascript" src="javascripts/utils/jquery.xss.js"></script>
 	<script language="javascript" type="text/javascript" src="javascripts/pre-login.js"></script>
 	<script>
         var countlyTitle = "<%- countlyTitle %>";
