mirror of
https://github.com/hedgedoc/hedgedoc.git
synced 2025-05-13 22:54:42 -04:00
added sanitation to the slideMode in frontmatter
This should prevent the issue mentioned in https://github.com/hackmdio/codimd/issues/1648 Specifically left out are - dependency (user can't really include anything anyway, because CSP forbids most domains) - autoSlideMethod (nothing our users should be able to change as they won't write JS to be affected by this) - keyboard (this let's users write arbitrary code and seems therefore to problematic) See: https://github.com/hakimel/reveal.js/blob/3.9.2/README.md#configuration Signed-off-by: Philip Molares <philip.molares@udo.edu>
This commit is contained in:
Philip Molares
parent
5bdb392413
commit
35b0d39a12
1 changed files with 50 additions and 1 deletions
|
|
@ -72,7 +72,56 @@ const defaultOptions = {
|
||||||
|
|
||||||
// options from yaml meta
|
// options from yaml meta
|
||||||
const meta = JSON.parse($('#meta').text())
|
const meta = JSON.parse($('#meta').text())
|
||||||
var options = meta.slideOptions || {}
|
var options = {
|
||||||
|
autoPlayMedia: meta.slideOptions.autoPlayMedia,
|
||||||
|
autoSlide: meta.slideOptions.autoSlide,
|
||||||
|
autoSlideStoppable: meta.slideOptions.autoSlideStoppable,
|
||||||
|
backgroundTransition: meta.slideOptions.backgroundTransition,
|
||||||
|
center: meta.slideOptions.center,
|
||||||
|
controls: meta.slideOptions.controls,
|
||||||
|
controlsBackArrows: meta.slideOptions.controlsBackArrows,
|
||||||
|
controlsLayout: meta.slideOptions.controlsLayout,
|
||||||
|
controlsTutorial: meta.slideOptions.controlsTutorial,
|
||||||
|
defaultTiming: meta.slideOptions.defaultTiming,
|
||||||
|
display: meta.slideOptions.display,
|
||||||
|
embedded: meta.slideOptions.embedded,
|
||||||
|
fragmentInURL: meta.slideOptions.fragmentInURL,
|
||||||
|
fragments: meta.slideOptions.fragments,
|
||||||
|
hash: meta.slideOptions.hash,
|
||||||
|
height: meta.slideOptions.height,
|
||||||
|
help: meta.slideOptions.help,
|
||||||
|
hideAddressBar: meta.slideOptions.hideAddressBar,
|
||||||
|
hideCursorTime: meta.slideOptions.hideCursorTime,
|
||||||
|
hideInactiveCursor: meta.slideOptions.hideInactiveCursor,
|
||||||
|
history: meta.slideOptions.history,
|
||||||
|
keyboard: meta.slideOptions.keyboard,
|
||||||
|
loop: meta.slideOptions.loop,
|
||||||
|
margin: meta.slideOptions.margin,
|
||||||
|
maxScale: meta.slideOptions.maxScale,
|
||||||
|
minScale: meta.slideOptions.minScale,
|
||||||
|
minimumTimePerSlide: meta.slideOptions.minimumTimePerSlide,
|
||||||
|
mobileViewDistance: meta.slideOptions.mobileViewDistance,
|
||||||
|
mouseWheel: meta.slideOptions.mouseWheel,
|
||||||
|
navigationMode: meta.slideOptions.navigationMode,
|
||||||
|
overview: meta.slideOptions.overview,
|
||||||
|
parallaxBackgroundHorizontal: meta.slideOptions.parallaxBackgroundHorizontal,
|
||||||
|
parallaxBackgroundImage: meta.slideOptions.parallaxBackgroundImage,
|
||||||
|
parallaxBackgroundSize: meta.slideOptions.parallaxBackgroundSize,
|
||||||
|
parallaxBackgroundVertical: meta.slideOptions.parallaxBackgroundVertical,
|
||||||
|
preloadIframes: meta.slideOptions.preloadIframes,
|
||||||
|
previewLinks: meta.slideOptions.previewLinks,
|
||||||
|
progress: meta.slideOptions.progress,
|
||||||
|
rtl: meta.slideOptions.rtl,
|
||||||
|
showNotes: meta.slideOptions.showNotes,
|
||||||
|
shuffle: meta.slideOptions.shuffle,
|
||||||
|
slideNumber: meta.slideOptions.slideNumber,
|
||||||
|
totalTime: meta.slideOptions.totalTime,
|
||||||
|
touch: meta.slideOptions.touch,
|
||||||
|
transition: meta.slideOptions.transition,
|
||||||
|
transitionSpeed: meta.slideOptions.transitionSpeed,
|
||||||
|
viewDistance: meta.slideOptions.viewDistance,
|
||||||
|
width: meta.slideOptions.width
|
||||||
|
} || {}
|
||||||
|
|
||||||
const view = $('.reveal')
|
const view = $('.reveal')
|
||||||
|
|
||||||
|
|
|
||||||
Loading…
Add table
Add a link
Reference in a new issue