authorCheng-Han, Wu2016-04-20 18:10:43 +0800
committerCheng-Han, Wu2016-04-20 18:10:43 +0800
commitedc3a31dfdb03e910d7355144280e281eeb582d5 (patch)
tree1f393363ed973bb9594128590701a685218af48d
parent0fb70a1487f6c2ce612c372f12aaf157078a478f (diff)
Fix XSS HTML replacement that could mishandle HTML comments inside code tags
Diffstat (limited to '')
-rw-r--r--public/js/render.js4
1 files changed, 4 insertions, 0 deletions
diff --git a/public/js/render.js b/public/js/render.js
index 9c1fa273..5c2b017a 100644
--- a/public/js/render.js
+++ b/public/js/render.js
@@ -3,6 +3,10 @@ var whiteListAttr = ['id', 'class', 'style'];
var filterXSSOptions = {
allowCommentTag: true,
+ escapeHtml: function (html) {
+ // to allow html comment in multiple lines
+ return html.replace(/<(.*?)>/g, '&lt;$1&gt;');
+ },
onIgnoreTag: function (tag, html, options) {
// allow style in html
if (whiteListTag.indexOf(tag) !== -1) {