Fix possible XSS in yaml-metadata and turn using ejs escape syntax than external lib [Security Issue]

Wu Cheng-Han 2016-11-26 22:55:31 +08:00
parent b43e63dd21
commit 9d4ede4cff
8 changed files with 15 additions and 24 deletions


@ -4,9 +4,6 @@ require('../css/site.css');
require('highlight.js/styles/github-gist.css');
/* other vendors plugin */
var S = require('string');
var extra = require('./extra');
var md = extra.md;
var finishView = extra.finishView;
@ -22,7 +19,7 @@ var scrollToHash = extra.scrollToHash;
var preventXSS = require('./render').preventXSS;
var markdown = $("#doc.markdown-body");
var text = S(markdown.html()).unescapeHTML().s;
var text = markdown.text();
var lastMeta = md.meta;
md.meta = {};
var rendered = md.render(text);