Merge pull request #82 from InseeFr/patch-sanitization
Patch sanitization
EmmanuelDemey authored Aug 13, 2024
2 parents 76480b1 + db94f3b commit 42d726e
Showing 8 changed files with 144 additions and 170 deletions.
21 changes: 9 additions & 12 deletions pages/common/eap2017/eap.htm
Expand Up @@ -6,7 +6,7 @@
<link href="../commun.css" rel="stylesheet" type="text/css"/>
<script src="https://code.jquery.com/jquery-3.6.0.min.js" integrity="sha384-vtXRMe3mGCbOeY7l30aIg8H9p3GdeSe4IFlP6G8JMa7o7lXvnz3GFKzPxzJdPfGK" crossorigin="anonymous"></script>
<script src="https://cdn.jsdelivr.net/npm/handlebars@latest/dist/handlebars.min.js"></script>
<script src="https://cdnjs.cloudflare.com/ajax/libs/dompurify/3.1.6/purify.min.js" integrity="sha384-kphE34mJ4ksz5JkDejM0mI+5qbb+mRyVDCJm3nDA56bbUFflqAr6KPT3AKz3qOgh" crossorigin="anonymous"></script>
<script src="https://cdnjs.cloudflare.com/ajax/libs/dompurify/3.1.6/purify.min.js" integrity="sha384-+VfUPEb0PdtChMwmBcBmykRMDd+v6D/oFmB3rZM/puCMDYcIvF968OimRh4KQY9a" crossorigin="anonymous"></script>
</head>
<body>
<h1 class="titre-class">Nomenclatures de l'Enquête Annuelle de Production (EAP) 2017</h1>
Expand All @@ -18,10 +18,10 @@ <h1 class="titre-class">Nomenclatures de l'Enquête Annuelle de Production (EAP)

<!-- Template for items -->
<script id="items-template" type="text/x-handlebars-template">
<p class="nom-enfants">{{sanitize title}}</p>
<p class="nom-enfants">{{title}}</p>
<ul class="enfants">
{{#each items}}
<li><p><a href="display-item.htm?code={{encodeURIComponent code}}">{{sanitize code}} - {{sanitize label}}</a></p></li>
<li><p><a href="display-item.htm?code={{encodeURIComponent code}}">{{code}} - {{label}}</a></p></li>
{{/each}}
</ul>
</script>
Expand Down Expand Up @@ -51,14 +51,16 @@ <h1 class="titre-class">Nomenclatures de l'Enquête Annuelle de Production (EAP)
const template = Handlebars.compile(templateSource);

const context = {
title: DOMPurify.sanitize(title),
title: DOMPurify.sanitize(title), // Sanitize the title
items: data.results.bindings.map(item => ({
code: DOMPurify.sanitize(item.code.value),
label: DOMPurify.sanitize(item.label.value)
code: DOMPurify.sanitize(item.code.value), // Sanitize each code
label: DOMPurify.sanitize(item.label.value) // Sanitize each label
}))
};

document.getElementById(elementId).innerHTML = DOMPurify.sanitize(template(context));
const sanitizedHTML = template(context);
const container = document.getElementById(elementId);
container.innerHTML = DOMPurify.sanitize(sanitizedHTML); // Sanitize the final HTML
})
.catch(error => console.error('Error fetching data:', error));
};
Expand Down Expand Up @@ -96,11 +98,6 @@ <h1 class="titre-class">Nomenclatures de l'Enquête Annuelle de Production (EAP)
Handlebars.registerHelper('encodeURIComponent', function(context) {
return encodeURIComponent(context);
});

// Helper to sanitize input
Handlebars.registerHelper('sanitize', function(context) {
return Handlebars.escapeExpression(context);
});
</script>
</body>
</html>
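Review bot: In the hunk at line 51, `DOMPurify.sanitize(item.code.value)` and `DOMPurify.sanitize(item.label.value)` run an HTML sanitizer over plain-text query results, so the value comes back HTML-serialized (`&` becomes `&amp;`, `<`/`>` and anything tag-like is dropped), and the template then escapes it a second time through `{{code}}`/`{{label}}` and URL-encodes the serialized form in `{{encodeURIComponent code}}` — a code or label containing `&` would display as `&amp;` and link to the wrong `code=` value. Because `{{…}}` already escapes on output and the rendered markup goes through `DOMPurify.sanitize` before `innerHTML`, the per-field calls can be dropped: `code: item.code.value,` and `label: item.label.value` (and likewise `title: title,` if `title`, which is built outside the hunk, is plain text). The local introduced below is misnamed, since `sanitizedHTML` holds the not-yet-sanitized template output; `const renderedHTML = template(context);` reads correctly. In the first hunk the DOMPurify `<script>` line is replaced by one with a different `integrity` hash for the same 3.1.6 URL, so one of the two hashes is wrong and the committed one should be confirmed against the file cdnjs serves, while the adjacent `handlebars@latest` tag still loads with no `integrity` at all. The enclosing function starts before the hunk, and the same points apply to the eap2018, eap2019, eap2020, eap2021 and eap2022 sections.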
21 changes: 9 additions & 12 deletions pages/common/eap2018/eap.htm
Expand Up @@ -6,7 +6,7 @@
<link href="../commun.css" rel="stylesheet" type="text/css"/>
<script src="https://code.jquery.com/jquery-3.6.0.min.js" integrity="sha384-vtXRMe3mGCbOeY7l30aIg8H9p3GdeSe4IFlP6G8JMa7o7lXvnz3GFKzPxzJdPfGK" crossorigin="anonymous"></script>
<script src="https://cdn.jsdelivr.net/npm/handlebars@latest/dist/handlebars.min.js"></script>
<script src="https://cdnjs.cloudflare.com/ajax/libs/dompurify/3.1.6/purify.min.js" integrity="sha384-kphE34mJ4ksz5JkDejM0mI+5qbb+mRyVDCJm3nDA56bbUFflqAr6KPT3AKz3qOgh" crossorigin="anonymous"></script>
<script src="https://cdnjs.cloudflare.com/ajax/libs/dompurify/3.1.6/purify.min.js" integrity="sha384-+VfUPEb0PdtChMwmBcBmykRMDd+v6D/oFmB3rZM/puCMDYcIvF968OimRh4KQY9a" crossorigin="anonymous"></script>
</head>
<body>
<h1 class="titre-class">Nomenclatures de l'Enquête Annuelle de Production (EAP) 2018</h1>
Expand All @@ -18,10 +18,10 @@ <h1 class="titre-class">Nomenclatures de l'Enquête Annuelle de Production (EAP)

<!-- Template for items -->
<script id="items-template" type="text/x-handlebars-template">
<p class="nom-enfants">{{sanitize title}}</p>
<p class="nom-enfants">{{title}}</p>
<ul class="enfants">
{{#each items}}
<li><p><a href="display-item.htm?code={{encodeURIComponent code}}">{{sanitize code}} - {{sanitize label}}</a></p></li>
<li><p><a href="display-item.htm?code={{encodeURIComponent code}}">{{code}} - {{label}}</a></p></li>
{{/each}}
</ul>
</script>
Expand Down Expand Up @@ -51,14 +51,16 @@ <h1 class="titre-class">Nomenclatures de l'Enquête Annuelle de Production (EAP)
const template = Handlebars.compile(templateSource);

const context = {
title: DOMPurify.sanitize(title),
title: DOMPurify.sanitize(title), // Sanitize the title
items: data.results.bindings.map(item => ({
code: DOMPurify.sanitize(item.code.value),
label: DOMPurify.sanitize(item.label.value)
code: DOMPurify.sanitize(item.code.value), // Sanitize each code
label: DOMPurify.sanitize(item.label.value) // Sanitize each label
}))
};

document.getElementById(elementId).innerHTML = DOMPurify.sanitize(template(context));
const sanitizedHTML = template(context);
const container = document.getElementById(elementId);
container.innerHTML = DOMPurify.sanitize(sanitizedHTML); // Sanitize the final HTML
})
.catch(error => console.error('Error fetching data:', error));
};
Expand Down Expand Up @@ -96,11 +98,6 @@ <h1 class="titre-class">Nomenclatures de l'Enquête Annuelle de Production (EAP)
Handlebars.registerHelper('encodeURIComponent', function(context) {
return encodeURIComponent(context);
});

// Helper to sanitize input
Handlebars.registerHelper('sanitize', function(context) {
return Handlebars.escapeExpression(context);
});
</script>
</body>
</html>
21 changes: 9 additions & 12 deletions pages/common/eap2019/eap.htm
Expand Up @@ -6,7 +6,7 @@
<link href="../commun.css" rel="stylesheet" type="text/css"/>
<script src="https://code.jquery.com/jquery-3.6.0.min.js" integrity="sha384-vtXRMe3mGCbOeY7l30aIg8H9p3GdeSe4IFlP6G8JMa7o7lXvnz3GFKzPxzJdPfGK" crossorigin="anonymous"></script>
<script src="https://cdn.jsdelivr.net/npm/handlebars@latest/dist/handlebars.min.js"></script>
<script src="https://cdnjs.cloudflare.com/ajax/libs/dompurify/3.1.6/purify.min.js" integrity="sha384-kphE34mJ4ksz5JkDejM0mI+5qbb+mRyVDCJm3nDA56bbUFflqAr6KPT3AKz3qOgh" crossorigin="anonymous"></script>
<script src="https://cdnjs.cloudflare.com/ajax/libs/dompurify/3.1.6/purify.min.js" integrity="sha384-+VfUPEb0PdtChMwmBcBmykRMDd+v6D/oFmB3rZM/puCMDYcIvF968OimRh4KQY9a" crossorigin="anonymous"></script>
</head>
<body>
<h1 class="titre-class">Nomenclatures de l'Enquête Annuelle de Production (EAP) 2019</h1>
Expand All @@ -18,10 +18,10 @@ <h1 class="titre-class">Nomenclatures de l'Enquête Annuelle de Production (EAP)

<!-- Template for items -->
<script id="items-template" type="text/x-handlebars-template">
<p class="nom-enfants">{{sanitize title}}</p>
<p class="nom-enfants">{{title}}</p>
<ul class="enfants">
{{#each items}}
<li><p><a href="display-item.htm?code={{encodeURIComponent code}}">{{sanitize code}} - {{sanitize label}}</a></p></li>
<li><p><a href="display-item.htm?code={{encodeURIComponent code}}">{{code}} - {{label}}</a></p></li>
{{/each}}
</ul>
</script>
Expand Down Expand Up @@ -51,14 +51,16 @@ <h1 class="titre-class">Nomenclatures de l'Enquête Annuelle de Production (EAP)
const template = Handlebars.compile(templateSource);

const context = {
title: DOMPurify.sanitize(title),
title: DOMPurify.sanitize(title), // Sanitize the title
items: data.results.bindings.map(item => ({
code: DOMPurify.sanitize(item.code.value),
label: DOMPurify.sanitize(item.label.value)
code: DOMPurify.sanitize(item.code.value), // Sanitize each code
label: DOMPurify.sanitize(item.label.value) // Sanitize each label
}))
};

document.getElementById(elementId).innerHTML = DOMPurify.sanitize(template(context));
const sanitizedHTML = template(context);
const container = document.getElementById(elementId);
container.innerHTML = DOMPurify.sanitize(sanitizedHTML); // Sanitize the final HTML
})
.catch(error => console.error('Error fetching data:', error));
};
Expand Down Expand Up @@ -96,11 +98,6 @@ <h1 class="titre-class">Nomenclatures de l'Enquête Annuelle de Production (EAP)
Handlebars.registerHelper('encodeURIComponent', function(context) {
return encodeURIComponent(context);
});

// Helper to sanitize input
Handlebars.registerHelper('sanitize', function(context) {
return Handlebars.escapeExpression(context);
});
</script>
</body>
</html>
21 changes: 9 additions & 12 deletions pages/common/eap2020/eap.htm
Expand Up @@ -6,7 +6,7 @@
<link href="../commun.css" rel="stylesheet" type="text/css"/>
<script src="https://code.jquery.com/jquery-3.6.0.min.js" integrity="sha384-vtXRMe3mGCbOeY7l30aIg8H9p3GdeSe4IFlP6G8JMa7o7lXvnz3GFKzPxzJdPfGK" crossorigin="anonymous"></script>
<script src="https://cdn.jsdelivr.net/npm/handlebars@latest/dist/handlebars.min.js"></script>
<script src="https://cdnjs.cloudflare.com/ajax/libs/dompurify/3.1.6/purify.min.js" integrity="sha384-kphE34mJ4ksz5JkDejM0mI+5qbb+mRyVDCJm3nDA56bbUFflqAr6KPT3AKz3qOgh" crossorigin="anonymous"></script>
<script src="https://cdnjs.cloudflare.com/ajax/libs/dompurify/3.1.6/purify.min.js" integrity="sha384-+VfUPEb0PdtChMwmBcBmykRMDd+v6D/oFmB3rZM/puCMDYcIvF968OimRh4KQY9a" crossorigin="anonymous"></script>
</head>
<body>
<h1 class="titre-class">Nomenclatures de l'Enquête Annuelle de Production (EAP) 2020</h1>
Expand All @@ -18,10 +18,10 @@ <h1 class="titre-class">Nomenclatures de l'Enquête Annuelle de Production (EAP)

<!-- Template for items -->
<script id="items-template" type="text/x-handlebars-template">
<p class="nom-enfants">{{sanitize title}}</p>
<p class="nom-enfants">{{title}}</p>
<ul class="enfants">
{{#each items}}
<li><p><a href="display-item.htm?code={{encodeURIComponent code}}">{{sanitize code}} - {{sanitize label}}</a></p></li>
<li><p><a href="display-item.htm?code={{encodeURIComponent code}}">{{code}} - {{label}}</a></p></li>
{{/each}}
</ul>
</script>
Expand Down Expand Up @@ -51,14 +51,16 @@ <h1 class="titre-class">Nomenclatures de l'Enquête Annuelle de Production (EAP)
const template = Handlebars.compile(templateSource);

const context = {
title: DOMPurify.sanitize(title),
title: DOMPurify.sanitize(title), // Sanitize the title
items: data.results.bindings.map(item => ({
code: DOMPurify.sanitize(item.code.value),
label: DOMPurify.sanitize(item.label.value)
code: DOMPurify.sanitize(item.code.value), // Sanitize each code
label: DOMPurify.sanitize(item.label.value) // Sanitize each label
}))
};

document.getElementById(elementId).innerHTML = DOMPurify.sanitize(template(context));
const sanitizedHTML = template(context);
const container = document.getElementById(elementId);
container.innerHTML = DOMPurify.sanitize(sanitizedHTML); // Sanitize the final HTML
})
.catch(error => console.error('Error fetching data:', error));
};
Expand Down Expand Up @@ -96,11 +98,6 @@ <h1 class="titre-class">Nomenclatures de l'Enquête Annuelle de Production (EAP)
Handlebars.registerHelper('encodeURIComponent', function(context) {
return encodeURIComponent(context);
});

// Helper to sanitize input
Handlebars.registerHelper('sanitize', function(context) {
return Handlebars.escapeExpression(context);
});
</script>
</body>
</html>
21 changes: 9 additions & 12 deletions pages/common/eap2021/eap.htm
Expand Up @@ -6,7 +6,7 @@
<link href="../commun.css" rel="stylesheet" type="text/css"/>
<script src="https://code.jquery.com/jquery-3.6.0.min.js" integrity="sha384-vtXRMe3mGCbOeY7l30aIg8H9p3GdeSe4IFlP6G8JMa7o7lXvnz3GFKzPxzJdPfGK" crossorigin="anonymous"></script>
<script src="https://cdn.jsdelivr.net/npm/handlebars@latest/dist/handlebars.min.js"></script>
<script src="https://cdnjs.cloudflare.com/ajax/libs/dompurify/3.1.6/purify.min.js" integrity="sha384-kphE34mJ4ksz5JkDejM0mI+5qbb+mRyVDCJm3nDA56bbUFflqAr6KPT3AKz3qOgh" crossorigin="anonymous"></script>
<script src="https://cdnjs.cloudflare.com/ajax/libs/dompurify/3.1.6/purify.min.js" integrity="sha384-+VfUPEb0PdtChMwmBcBmykRMDd+v6D/oFmB3rZM/puCMDYcIvF968OimRh4KQY9a" crossorigin="anonymous"></script>
</head>
<body>
<h1 class="titre-class">Nomenclatures de l'Enquête Annuelle de Production (EAP) 2021</h1>
Expand All @@ -18,10 +18,10 @@ <h1 class="titre-class">Nomenclatures de l'Enquête Annuelle de Production (EAP)

<!-- Template for items -->
<script id="items-template" type="text/x-handlebars-template">
<p class="nom-enfants">{{sanitize title}}</p>
<p class="nom-enfants">{{title}}</p>
<ul class="enfants">
{{#each items}}
<li><p><a href="display-item.htm?code={{encodeURIComponent code}}">{{sanitize code}} - {{sanitize label}}</a></p></li>
<li><p><a href="display-item.htm?code={{encodeURIComponent code}}">{{code}} - {{label}}</a></p></li>
{{/each}}
</ul>
</script>
Expand Down Expand Up @@ -51,14 +51,16 @@ <h1 class="titre-class">Nomenclatures de l'Enquête Annuelle de Production (EAP)
const template = Handlebars.compile(templateSource);

const context = {
title: DOMPurify.sanitize(title),
title: DOMPurify.sanitize(title), // Sanitize the title
items: data.results.bindings.map(item => ({
code: DOMPurify.sanitize(item.code.value),
label: DOMPurify.sanitize(item.label.value)
code: DOMPurify.sanitize(item.code.value), // Sanitize each code
label: DOMPurify.sanitize(item.label.value) // Sanitize each label
}))
};

document.getElementById(elementId).innerHTML = DOMPurify.sanitize(template(context));
const sanitizedHTML = template(context);
const container = document.getElementById(elementId);
container.innerHTML = DOMPurify.sanitize(sanitizedHTML); // Sanitize the final HTML
})
.catch(error => console.error('Error fetching data:', error));
};
Expand Down Expand Up @@ -96,11 +98,6 @@ <h1 class="titre-class">Nomenclatures de l'Enquête Annuelle de Production (EAP)
Handlebars.registerHelper('encodeURIComponent', function(context) {
return encodeURIComponent(context);
});

// Helper to sanitize input
Handlebars.registerHelper('sanitize', function(context) {
return Handlebars.escapeExpression(context);
});
</script>
</body>
</html>
21 changes: 9 additions & 12 deletions pages/common/eap2022/eap.htm
Expand Up @@ -6,7 +6,7 @@
<link href="../commun.css" rel="stylesheet" type="text/css"/>
<script src="https://code.jquery.com/jquery-3.6.0.min.js" integrity="sha384-vtXRMe3mGCbOeY7l30aIg8H9p3GdeSe4IFlP6G8JMa7o7lXvnz3GFKzPxzJdPfGK" crossorigin="anonymous"></script>
<script src="https://cdn.jsdelivr.net/npm/handlebars@latest/dist/handlebars.min.js"></script>
<script src="https://cdnjs.cloudflare.com/ajax/libs/dompurify/3.1.6/purify.min.js" integrity="sha384-kphE34mJ4ksz5JkDejM0mI+5qbb+mRyVDCJm3nDA56bbUFflqAr6KPT3AKz3qOgh" crossorigin="anonymous"></script>
<script src="https://cdnjs.cloudflare.com/ajax/libs/dompurify/3.1.6/purify.min.js" integrity="sha384-+VfUPEb0PdtChMwmBcBmykRMDd+v6D/oFmB3rZM/puCMDYcIvF968OimRh4KQY9a" crossorigin="anonymous"></script>
</head>
<body>
<h1 class="titre-class">Nomenclatures de l'Enquête Annuelle de Production (EAP) 2022</h1>
Expand All @@ -18,10 +18,10 @@ <h1 class="titre-class">Nomenclatures de l'Enquête Annuelle de Production (EAP)

<!-- Template for items -->
<script id="items-template" type="text/x-handlebars-template">
<p class="nom-enfants">{{sanitize title}}</p>
<p class="nom-enfants">{{title}}</p>
<ul class="enfants">
{{#each items}}
<li><p><a href="display-item.htm?code={{encodeURIComponent code}}">{{sanitize code}} - {{sanitize label}}</a></p></li>
<li><p><a href="display-item.htm?code={{encodeURIComponent code}}">{{code}} - {{label}}</a></p></li>
{{/each}}
</ul>
</script>
Expand Down Expand Up @@ -51,14 +51,16 @@ <h1 class="titre-class">Nomenclatures de l'Enquête Annuelle de Production (EAP)
const template = Handlebars.compile(templateSource);

const context = {
title: DOMPurify.sanitize(title),
title: DOMPurify.sanitize(title), // Sanitize the title
items: data.results.bindings.map(item => ({
code: DOMPurify.sanitize(item.code.value),
label: DOMPurify.sanitize(item.label.value)
code: DOMPurify.sanitize(item.code.value), // Sanitize each code
label: DOMPurify.sanitize(item.label.value) // Sanitize each label
}))
};

document.getElementById(elementId).innerHTML = DOMPurify.sanitize(template(context));
const sanitizedHTML = template(context);
const container = document.getElementById(elementId);
container.innerHTML = DOMPurify.sanitize(sanitizedHTML); // Sanitize the final HTML
})
.catch(error => console.error('Error fetching data:', error));
};
Expand Down Expand Up @@ -96,11 +98,6 @@ <h1 class="titre-class">Nomenclatures de l'Enquête Annuelle de Production (EAP)
Handlebars.registerHelper('encodeURIComponent', function(context) {
return encodeURIComponent(context);
});

// Helper to sanitize input
Handlebars.registerHelper('sanitize', function(context) {
return Handlebars.escapeExpression(context);
});
</script>
</body>
</html>
