mirrors/hedgedoc
1
0
Fork 0
mirror of https://github.com/hedgedoc/hedgedoc.git synced 2025-05-15 15:44:45 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions

Fix slide might trigger script when processing markdown which cause XSS [Security Issue]

Browse source
This commit is contained in:
Wu Cheng-Han 2016-11-26 22:46:08 +08:00
parent 9383df59c9
commit f86a9e0c4b
3 changed files with 12 additions and 16 deletions
Download patch file Download diff file Expand all files Collapse all files

14
public/js/slide.js
View file

@ -12,8 +12,7 @@ var finishView = extraModule.finishView;
var preventXSS = require('./render').preventXSS;
var body = $(".slides").html();
$(".slides").html(S(body).unescapeHTML().s);
var body = $(".slides").text();
createtime = lastchangeui.time.attr('data-createtime');
lastchangetime = lastchangeui.time.attr('data-updatetime');
@ -47,8 +46,15 @@ var deps = [{
}
}, {
src: serverurl + '/js/reveal-markdown.js',
condition: function() {
return !!document.querySelector('[data-markdown]');
callback: function () {
var slideOptions = {
separator: '^(\r\n?|\n)---(\r\n?|\n)$',
verticalSeparator: '^(\r\n?|\n)----(\r\n?|\n)$'
};
var slides = RevealMarkdown.slidify(body, slideOptions);
$(".slides").html(slides);
RevealMarkdown.initialize();
$(".slides").show();
}
}, {
src: serverurl + '/vendor/reveal.js/plugin/notes/notes.js',