mirror of
https://github.com/hedgedoc/hedgedoc.git
synced 2025-06-02 07:59:56 -04:00
Fix slide might trigger script when processing markdown which cause XSS [Security Issue]
parent
9383df59c9
commit
f86a9e0c4b
3 changed files with 12 additions and 16 deletions
lib
|
@ -16,15 +16,6 @@ var config = require("./config.js");
|
|||
var logger = require("./logger.js");
|
||||
var models = require("./models");
|
||||
|
||||
//slides
|
||||
var md = require('reveal.js/plugin/markdown/markdown');
|
||||
|
||||
//reveal.js
|
||||
var slideOptions = {
|
||||
separator: '^(\r\n?|\n)---(\r\n?|\n)$',
|
||||
verticalSeparator: '^(\r\n?|\n)----(\r\n?|\n)$'
|
||||
};
|
||||
|
||||
//public
|
||||
var response = {
|
||||
errorForbidden: function (res) {
|
||||
|
@ -584,7 +575,6 @@ function showPublishSlide(req, res, next) {
|
|||
var text = S(body).escapeHTML().s;
|
||||
var title = models.Note.decodeTitle(note.title);
|
||||
title = models.Note.generateWebTitle(meta.title || title);
|
||||
var slides = md.slidify(text, slideOptions);
|
||||
var origin = config.serverurl;
|
||||
var data = {
|
||||
title: title,
|
||||
|
@ -593,7 +583,7 @@ function showPublishSlide(req, res, next) {
|
|||
createtime: createtime,
|
||||
updatetime: updatetime,
|
||||
url: origin,
|
||||
slides: slides,
|
||||
body: text,
|
||||
meta: JSON.stringify(obj.meta || {}),
|
||||
useCDN: config.usecdn,
|
||||
owner: note.owner ? note.owner.id : null,
|
||||
|
|
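Review bot: `body: text` in the last hunk hands the template a value whose safety rests entirely on `S(body).escapeHTML()` from the previous hunk, and nothing at the assignment says so. A comment such as `// body is the HTML-escaped note text; the template must output it as-is, never raw or decoded` would keep a later edit from passing the unescaped `body` here. The template and the client-side slide renderer are in the other changed files, which are not shown, so whether the rendered markdown is sanitized there cannot be confirmed from this section. The neighbouring `meta: JSON.stringify(obj.meta || {})` deserves the same look, since `JSON.stringify` does not escape `<` and would depend on the template's own escaping if `obj.meta` comes from note content. `showPublishSlide` starts and ends outside both hunks.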