Fix slide mode contains unclosed tags might cause XSS [Security Issue]

author: Wu Cheng-Han 2017-09-27 18:21:28 +0800
committer: Wu Cheng-Han 2017-09-27 18:21:28 +0800
commit: f2743ff8f87d79556ced7e038dd3486f19f116b0 (patch)
tree: f34fb6b584082ca7cb20c7d67ba24b1be6c077f0
parent: 9b00afb863e475e9a72d06d61591535bd38d2d3e (diff)
1 files changed, 2 insertions, 1 deletions
diff --git a/public/js/slide.js b/public/js/slide.js
index 293ebfe2..59a352ec 100644
--- a/public/js/slide.js
+++ b/public/js/slide.js
@@ -4,9 +4,10 @@
 require('../css/extra.css')
 require('../css/site.css')
 
+import { preventXSS } from './render'
 import { md, updateLastChange, removeDOMEvents, finishView } from './extra'
 
-const body = $('.slides').text()
+const body = preventXSS($('.slides').text())
 
 window.createtime = window.lastchangeui.time.attr('data-createtime')
 window.lastchangetime = window.lastchangeui.time.attr('data-updatetime')
author	Wu Cheng-Han	2017-09-27 18:21:28 +0800
committer	Wu Cheng-Han	2017-09-27 18:21:28 +0800
commit	f2743ff8f87d79556ced7e038dd3486f19f116b0 (patch)
tree	f34fb6b584082ca7cb20c7d67ba24b1be6c077f0
parent	9b00afb863e475e9a72d06d61591535bd38d2d3e (diff)