summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorChristoph (Sheogorath) Kern2018-11-11 19:01:44 +0100
committerGitHub2018-11-11 19:01:44 +0100
commit2a8b56e14b482faa38e9661ad0aa8d208085c50e (patch)
treee911a754979092b1d820393d2fb9e6ea20509da3
parenta1211abd322746210904a52cf01f390621df723d (diff)
parentc59b94a37b9d44f6c56b12f61cbfb80ff5f0db50 (diff)
Merge pull request #1046 from SISheogorath/feature/optimizeXSS
Remove the xss library from webpack
Diffstat (limited to '')
-rw-r--r--public/js/render.js7
-rw-r--r--public/js/reveal-markdown.js4
-rw-r--r--webpack.common.js6
3 files changed, 7 insertions, 10 deletions
diff --git a/public/js/render.js b/public/js/render.js
index 23b8934e..ff5e2bf2 100644
--- a/public/js/render.js
+++ b/public/js/render.js
@@ -1,6 +1,8 @@
/* eslint-env browser, jquery */
-/* global filterXSS */
// allow some attributes
+
+var filterXSS = require('xss')
+
var whiteListAttr = ['id', 'class', 'style']
window.whiteListAttr = whiteListAttr
// allow link starts with '.', '/' and custom protocol with '://', exclude link starts with javascript://
@@ -71,5 +73,6 @@ function preventXSS (html) {
window.preventXSS = preventXSS
module.exports = {
- preventXSS: preventXSS
+ preventXSS: preventXSS,
+ escapeAttrValue: filterXSS.escapeAttrValue
}
diff --git a/public/js/reveal-markdown.js b/public/js/reveal-markdown.js
index d15b5ebd..ad5bfd04 100644
--- a/public/js/reveal-markdown.js
+++ b/public/js/reveal-markdown.js
@@ -1,6 +1,6 @@
/* eslint-env browser, jquery */
-import { preventXSS } from './render'
+import { preventXSS, escapeAttrValue } from './render'
import { md } from './extra'
/**
@@ -259,7 +259,7 @@ import { md } from './extra'
while ((matchesClass = mardownClassRegex.exec(classes))) {
var name = matchesClass[1]
var value = matchesClass[2]
- if (name.substr(0, 5) === 'data-' || window.whiteListAttr.indexOf(name) !== -1) { elementTarget.setAttribute(name, window.filterXSS.escapeAttrValue(value)) }
+ if (name.substr(0, 5) === 'data-' || window.whiteListAttr.indexOf(name) !== -1) { elementTarget.setAttribute(name, escapeAttrValue(value)) }
}
return true
}
diff --git a/webpack.common.js b/webpack.common.js
index 1fbf247d..1e9c0707 100644
--- a/webpack.common.js
+++ b/webpack.common.js
@@ -202,7 +202,6 @@ module.exports = {
'babel-polyfill',
'script-loader!jquery-ui-resizable',
'script-loader!js-url',
- 'expose-loader?filterXSS!xss',
'script-loader!Idle.Js',
'expose-loader?LZString!lz-string',
'script-loader!codemirror',
@@ -253,7 +252,6 @@ module.exports = {
'script-loader!handlebars',
'expose-loader?hljs!highlight.js',
'expose-loader?emojify!emojify.js',
- 'expose-loader?filterXSS!xss',
'script-loader!Idle.Js',
'script-loader!gist-embed',
'expose-loader?LZString!lz-string',
@@ -273,7 +271,6 @@ module.exports = {
],
pretty: [
'babel-polyfill',
- 'expose-loader?filterXSS!xss',
'flowchart.js',
'js-sequence-diagrams',
'expose-loader?RevealMarkdown!reveal-markdown',
@@ -298,7 +295,6 @@ module.exports = {
'script-loader!handlebars',
'expose-loader?hljs!highlight.js',
'expose-loader?emojify!emojify.js',
- 'expose-loader?filterXSS!xss',
'script-loader!gist-embed',
'flowchart.js',
'js-sequence-diagrams',
@@ -310,7 +306,6 @@ module.exports = {
slide: [
'babel-polyfill',
'bootstrap-tooltip',
- 'expose-loader?filterXSS!xss',
'flowchart.js',
'js-sequence-diagrams',
'expose-loader?RevealMarkdown!reveal-markdown',
@@ -338,7 +333,6 @@ module.exports = {
'script-loader!handlebars',
'expose-loader?hljs!highlight.js',
'expose-loader?emojify!emojify.js',
- 'expose-loader?filterXSS!xss',
'script-loader!gist-embed',
'flowchart.js',
'js-sequence-diagrams',