diff options
author | Cheng-Han, Wu | 2016-04-20 18:10:43 +0800 |
---|---|---|
committer | Cheng-Han, Wu | 2016-04-20 18:10:43 +0800 |
commit | edc3a31dfdb03e910d7355144280e281eeb582d5 (patch) | |
tree | 1f393363ed973bb9594128590701a685218af48d | |
parent | 0fb70a1487f6c2ce612c372f12aaf157078a478f (diff) |
Fix XSS HTML replace might get wrong on the HTML comments in the code tags
Diffstat (limited to '')
-rw-r--r-- | public/js/render.js | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/public/js/render.js b/public/js/render.js index 9c1fa273..5c2b017a 100644 --- a/public/js/render.js +++ b/public/js/render.js @@ -3,6 +3,10 @@ var whiteListAttr = ['id', 'class', 'style']; var filterXSSOptions = { allowCommentTag: true, + escapeHtml: function (html) { + // to allow html comment in multiple lines + return html.replace(/<(.*?)>/g, '<$1>'); + }, onIgnoreTag: function (tag, html, options) { // allow style in html if (whiteListTag.indexOf(tag) !== -1) { |