From 1ce628ae2ab01799b6f601f0677ea396d1ac1577 Mon Sep 17 00:00:00 2001
From: fab <fabrice.leal.ch@gmail.com>
Date: Tue, 11 Dec 2018 20:44:50 +0000
Subject: migrate is_valid_hash, blessData, property, atom

---
 lib/js/urweb.js | 39 ++++++++++++++++++++++++---------------
 1 file changed, 24 insertions(+), 15 deletions(-)

(limited to 'lib')

diff --git a/lib/js/urweb.js b/lib/js/urweb.js
index fe47959f..00637172 100644
--- a/lib/js/urweb.js
+++ b/lib/js/urweb.js
@@ -5109,11 +5109,14 @@ function bless(s) {
 
 
 // Attribute name blessing
+var maxCh = chr(127);
 
 function blessData(s) {
-    for (var i = 0; i < s.length; ++i) {
-        var c = s[i];
-        if (!isAlnum(c) && c != '-' && c != '_')
+    var chars = Array.from(s);
+    
+    for (var i = 0; i < chars.length; ++i) {
+        var c = chars[i];
+        if (c > maxCh || (!isAlnum(c) && c != '-' && c != '_'))
             er("Disallowed character in data-* attribute name");
     }
 
@@ -5124,9 +5127,11 @@ function blessData(s) {
 // CSS validation
 
 function atom(s) {
-    for (var i = 0; i < s.length; ++i) {
-        var c = s[i];
-        if (!isAlnum(c) && c != '+' && c != '-' && c != '.' && c != '%' && c != '#')
+    var chars = Array.from(s);
+    
+    for (var i = 0; i < chars.length; ++i) {
+        var c = chars[i];
+        if (c > maxCh || (!isAlnum(c) && c != '+' && c != '-' && c != '.' && c != '%' && c != '#'))
             er("Disallowed character in CSS atom");
     }
 
@@ -5134,10 +5139,12 @@ function atom(s) {
 }
 
 function css_url(s) {
-    for (var i = 0; i < s.length; ++i) {
-        var c = s[i];
-        if (!isAlnum(c) && c != ':' && c != '/' && c != '.' && c != '_' && c != '+'
-            && c != '-' && c != '%' && c != '?' && c != '&' && c != '=' && c != '#')
+    var chars = Array.from(s);
+    
+    for (var i = 0; i < chars.length; ++i) {
+        var c = chars[i];
+        if (c > maxCh || (!isAlnum(c) && c != ':' && c != '/' && c != '.' && c != '_' && c != '+'
+			  && c != '-' && c != '%' && c != '?' && c != '&' && c != '=' && c != '#'))
             er("Disallowed character in CSS URL");
     }
 
@@ -5145,15 +5152,17 @@ function css_url(s) {
 }
 
 function property(s) {
-    if (s.length <= 0)
+    var chars = Array.from(s);
+    
+    if (chars.length <= 0)
         er("Empty CSS property");
 
-    if (!isLower(s[0]) && s[0] != '_')
+    if (chars[0] > maxCh || (!isLower(chars[0]) && chars[0] != '_'))
         er("Bad initial character in CSS property");
 
-    for (var i = 0; i < s.length; ++i) {
-        var c = s[i];
-        if (!isLower(c) && !isDigit(c) && c != '_' && c != '-')
+    for (var i = 0; i < chars.length; ++i) {
+        var c = chars[i];
+        if (c > maxCh || (!isLower(c) && !isDigit(c) && c != '_' && c != '-'))
             er("Disallowed character in CSS property");
     }
 
-- 
cgit v1.2.3