Fixed prevent XSS might break lots of tags and only need after rendered

Cheng-Han, Wu 2016-02-11 03:45:13 -06:00
parent 176021ccd8
commit 4c4a0e0f3f
10 changed files with 442 additions and 20 deletions


@ -11,7 +11,6 @@ var shortId = require('shortid');
var metaMarked = require('meta-marked');
var querystring = require('querystring');
var request = require('request');
var xss = require('xss');
//core
var config = require("../config.js");
@ -228,7 +227,6 @@ function showPublishNote(req, res, next) {
//na
}
var updatetime = notedata.update_time;
body = xss(body); // prevent xss
var text = S(body).escapeHTML().s;
var title = notedata.title;
var decodedTitle = LZString.decompressFromBase64(title);
@ -612,7 +610,6 @@ function showPublishSlide(req, res, next) {
var decodedTitle = LZString.decompressFromBase64(title);
if (decodedTitle) title = decodedTitle;
title = Note.generateWebTitle(title);
body = xss(body); // prevent xss
var text = S(body).escapeHTML().s;
render(res, title, text);
});
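Review bot: With `body = xss(body)` gone from showPublishNote and showPublishSlide, the only protection left on these paths is `S(body).escapeHTML().s`, and nothing in this file now records where the note's markup is sanitized once it has been rendered. The commit title indicates the filter is meant to run after rendering, presumably in client-side code among the other changed files, which are not shown here; that should be confirmed to cover both the published-note and slide views, since any rendering path that skips it would emit unsanitized HTML built from stored note content. I would leave a comment at both sites, e.g. `// body is only HTML-escaped here; rendered markdown is sanitized after rendering (see <sanitizer location>)`. It is also worth checking that `title` is escaped inside `render`, because in the visible lines it reaches `render(res, title, text)` without passing through escapeHTML. Both function bodies start and end outside the hunks.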