mirrors/hedgedoc
1
0
Fork 0
mirror of https://github.com/hedgedoc/hedgedoc.git synced 2025-05-14 23:24:46 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

Prevent XSS in markdown rendering

Browse source
This commit is contained in:
Cheng-Han, Wu 2016-02-11 02:36:52 -06:00
parent fdb9c47354
commit 6700f033ab
5 changed files with 11 additions and 4 deletions
Download patch file Download diff file Expand all files Collapse all files

1
public/js/index.js
View file

@ -2131,6 +2131,7 @@ var lastResult = null;
function updateViewInner() {
if (currentMode == modeType.edit || !isDirty) return;
var value = editor.getValue();
value = filterXSS(value); // prevent xss
md.meta = {};
md.render(value); //only for get meta
parseMeta(md, ui.area.markdown, $('#toc'), $('#toc-affix'));