mirrors/hedgedoc
1
0
Fork 0
mirror of https://github.com/hedgedoc/hedgedoc.git synced 2025-05-23 03:27:05 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions

Fixed prevent XSS might break lots of tags and only need after rendered

Browse source
This commit is contained in:
Cheng-Han, Wu 2016-02-11 03:45:13 -06:00
parent 176021ccd8
commit 4c4a0e0f3f
10 changed files with 442 additions and 20 deletions
Download patch file Download diff file Expand all files Collapse all files

5
public/js/index.js
View file

@ -2132,11 +2132,12 @@ var lastResult = null;
function updateViewInner() {
if (currentMode == modeType.edit || !isDirty) return;
var value = editor.getValue();
value = filterXSS(value); // prevent xss
md.meta = {};
md.render(value); //only for get meta
parseMeta(md, ui.area.markdown, $('#toc'), $('#toc-affix'));
var result = postProcess(md.render(value)).children().toArray();
var rendered = md.render(value);
rendered = preventXSS(rendered);
var result = postProcess(rendered).children().toArray();
partialUpdate(result, lastResult, ui.area.markdown.children().toArray());
if (result && lastResult && result.length != lastResult.length)
updateDataAttrs(result, ui.area.markdown.children().toArray());