From b43c7e7c99ab3980c08a0954e4a596a17ec19124 Mon Sep 17 00:00:00 2001
From: Peter 'Pita' Martischka <petermartischka@googlemail.com>
Date: Tue, 26 Jul 2011 16:17:02 +0100
Subject: [PATCH] ensure non url chars are not used for pad names or pad links

---
 static/js/pad2.js      | 13 +++++++++++--
 static/timeslider.html |  2 +-
 2 files changed, 12 insertions(+), 3 deletions(-)

diff --git a/static/js/pad2.js b/static/js/pad2.js
index 260b3dd09..4858e0b25 100644
--- a/static/js/pad2.js
+++ b/static/js/pad2.js
@@ -20,6 +20,15 @@ var socket;
 
 $(document).ready(function()
 {
+  //test if the url is proper, means without any ? or # that doesn't belong to a url
+  //if it isn't proper, clean the url a do a redirect
+  var padId = document.location.pathname.substring(document.location.pathname.lastIndexOf("/") + 1);  
+  var expectedURL = document.location.href.substring(0,document.location.href.lastIndexOf("/") ) + "/" + padId;
+  if(expectedURL != document.location.href)
+  {
+    document.location = expectedURL;
+  }
+
   handshake();
 });
 
@@ -82,8 +91,8 @@ function handshake()
 
   socket.once('connect', function()
   {
-    var padId = document.URL.substring(document.URL.lastIndexOf("/") + 1);
-
+    var padId = document.location.pathname.substring(document.location.pathname.lastIndexOf("/") + 1);
+    
     document.title = document.title + " | " + padId;
 
     var token = readCookie("token");
diff --git a/static/timeslider.html b/static/timeslider.html
index a366436e4..19cb7d23a 100644
--- a/static/timeslider.html
+++ b/static/timeslider.html
@@ -52,7 +52,7 @@
   $(window).load(function () 
   {
     //get the padId out of the url 
-    var urlParts= document.URL.split("/");
+    var urlParts= document.pathname.split("/");
     padId = urlParts[urlParts.length-2];
         
     //set the title