mirrors/hedgedoc
1
0
Fork 0
mirror of https://github.com/hedgedoc/hedgedoc.git synced 2025-05-13 14:44:43 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions

Fix slide might able to add unsafe attribute on section tag which cause XSS [Security Issue]

Browse source
This commit is contained in:
Wu Cheng-Han 2016-11-26 22:46:58 +08:00
parent f86a9e0c4b
commit 79d5b2c37f
2 changed files with 5 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

1
public/js/render.js
View file

@ -1,5 +1,6 @@
// allow some attributes
var whiteListAttr = ['id', 'class', 'style'];
window.whiteListAttr = whiteListAttr;
// allow link starts with '.', '/' and custom protocol with '://'
var linkRegex = /^([\w|-]+:\/\/)|^([\.|\/])+/;
// allow data uri, from https://gist.github.com/bgrins/6194623