fix(factories.js): removed the extra <span id="selectionBoundary..." …

…class="rangySelectionBoundary">></span> and others that crep in. See #1290 for details
textAngular · Sep 5, 2016 · 76a31e2 · 76a31e2
1 parent d930538
commit 76a31e2
Showing 1 changed file with 15 additions and 0 deletions.
diff --git a/src/factories.js b/src/factories.js
@@ -202,6 +202,11 @@ angular.module('textAngular.factories', [])
 		return finalHtml + html.substring(lastIndex);
 	}
 
+	// use precompiled regexp for speed
+	var rsb1 = new RegExp(/<span id="selectionBoundary_\d+_\d+" class="rangySelectionBoundary">[^<>]+?<\/span>/ig);
+	var rsb2 = new RegExp(/<span class="rangySelectionBoundary" id="selectionBoundary_\d+_\d+">[^<>]+?<\/span>/ig);
+	var rsb3 = new RegExp(/<span id="selectionBoundary_\d+_\d+" class="rangySelectionBoundary">[^<>]+?<\/span>/ig);
+
 	return function taSanitize(unsafe, oldsafe, ignore){
 		// unsafe html should NEVER built into a DOM object via angular.element. This allows XSS to be inserted and run.
 		if ( !ignore ) {
@@ -216,6 +221,16 @@ angular.module('textAngular.factories', [])
 		// setup unsafe element for modification
 		unsafe = transformLegacyAttributes(unsafe);
 
+		// we had an issue in the past, where we dumped a whole bunch of <span>'s into the content...
+		// so we remove them here
+		// IN A FUTURE release this can be removed after all have updated through release 1.5.9
+		if (unsafe) {
+			unsafe = unsafe.replace(rsb1, '');
+			unsafe = unsafe.replace(rsb2, '');
+			unsafe = unsafe.replace(rsb1, '');
+			unsafe = unsafe.replace(rsb3, '');
+		}
+
 		var safe;
 		try {
 			safe = $sanitize(unsafe);