mirrors/hedgedoc
1
0
Fork 0
mirror of https://github.com/hedgedoc/hedgedoc.git synced 2025-05-28 05:54:43 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions

Merge pull request #1046 from SISheogorath/feature/optimizeXSS

Browse source 
Remove the xss library from webpack
This commit is contained in:
Christoph (Sheogorath) Kern 2018-11-11 19:01:44 +01:00 committed by GitHub
commit 2a8b56e14b
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
3 changed files with 7 additions and 10 deletions
Download patch file Download diff file Expand all files Collapse all files

7
public/js/render.js
View file

@ -1,6 +1,8 @@
/* eslint-env browser, jquery */
/* global filterXSS */
// allow some attributes
var filterXSS = require('xss')
var whiteListAttr = ['id', 'class', 'style']
window.whiteListAttr = whiteListAttr
// allow link starts with '.', '/' and custom protocol with '://', exclude link starts with javascript://
@ -71,5 +73,6 @@ function preventXSS (html) {
window.preventXSS = preventXSS
module.exports = {
preventXSS: preventXSS
preventXSS: preventXSS,
escapeAttrValue: filterXSS.escapeAttrValue
}

4
public/js/reveal-markdown.js
View file

@ -1,6 +1,6 @@
/* eslint-env browser, jquery */
import { preventXSS } from './render'
import { preventXSS, escapeAttrValue } from './render'
import { md } from './extra'
/**
@ -259,7 +259,7 @@ import { md } from './extra'
while ((matchesClass = mardownClassRegex.exec(classes))) {
var name = matchesClass[1]
var value = matchesClass[2]
if (name.substr(0, 5) === 'data-' || window.whiteListAttr.indexOf(name) !== -1) { elementTarget.setAttribute(name, window.filterXSS.escapeAttrValue(value)) }
if (name.substr(0, 5) === 'data-' || window.whiteListAttr.indexOf(name) !== -1) { elementTarget.setAttribute(name, escapeAttrValue(value)) }
}
return true
}