Skip to content
New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

#

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

Jump to bottom

Broken Handling of Certain Hash Characters from elFinder Connector #2802

Merged
merged 1 commit into from
Dec 17, 2018
Merged

Broken Handling of Certain Hash Characters from elFinder Connector #2802

merged 1 commit into from
Dec 17, 2018

Conversation

deltoss
Copy link
Contributor

@deltoss deltoss commented Dec 17, 2018
edited
Loading

In the elFinder docs, it has the below content:

Using this algorithm even without encryption, client cannot get real file paths on the server only relative to root paths. This hash algorithm is recommended but you can use your own implementation so long as it matches these 2 rules:

hash must be valid for storage in the id attribute of an HTML tag
hash must be reversible by connector

This doesn't actually hold as characters such as ".", ":" are valid HTML ID characters, but when used in a JQuery hash selector, elFinder would behave strangely as internally, it does it in such a way where these characters are confused with CSS/JQuery selector characters instead of being part of the HTML ID.

For more information on the above issue, refer to the accepted answer on this stackoverflow post.

As such, I've made a pull request in an attempt to solve the above issue. So essentially, instead of:

$("#" + elementId)

It now uses:

$(document.getElementById(elementId))

Benchmark

I ran a small benchmark to see any performance difference, and it turns out using $(document.getElementById("")) is actually faster.

I copied the code within this text file and ran it on the elfinder demo page.
Benchmark.txt

Benchmark Results

benchmark

@deltoss
Changed the code where it uses the JQuery # selector.
628d55e 
Now it leverages document.getElementById, which escapes reserved characters (i.e. CSS and JQuery selectors).
@deltoss deltoss changed the title Changed the code where it uses the JQuery # selector. Broken Handling of certain Hash Characters Dec 17, 2018
@deltoss deltoss changed the title Broken Handling of certain Hash Characters Broken Handling of certain Hash Characters from elFinder Connector Dec 17, 2018
@deltoss deltoss changed the title Broken Handling of certain Hash Characters from elFinder Connector Broken Handling of Certain Hash Characters from elFinder Connector Dec 17, 2018
@nao-pon
Copy link
Member

nao-pon commented Dec 17, 2018

@mtran0011 Thank you for accurate PR. 👍

@nao-pon nao-pon merged commit 292eea1 into Studio-42:master Dec 17, 2018
nao-pon added a commit that referenced this pull request Dec 17, 2018
@nao-pon
[js] add new methods navHash2Elm, cwdHash2Elm
d54d624 
rel. #2802
# for free to join this conversation on GitHub. Already have an account? # to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@deltoss @nao-pon