summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorWu Cheng-Han2017-03-14 16:27:55 +0800
committerWu Cheng-Han2017-03-14 16:27:55 +0800
commitf491cdabc1dd82e93523ac0e156a669d9f37ba89 (patch)
tree04ba9d721e46eaf379fd3ccc71955a88c5ca8070
parentedb1b4aa0a72ac8b0215211c9dbc54156c3ff91f (diff)
Fix rendering might result XSS attribute on self closing tag [Security Issue]
-rw-r--r--public/js/extra.js13
-rw-r--r--public/js/index.js2
-rw-r--r--public/js/pretty.js2
-rw-r--r--public/js/slide.js4
4 files changed, 20 insertions, 1 deletions
diff --git a/public/js/extra.js b/public/js/extra.js
index 844d52c6..1ba4a13c 100644
--- a/public/js/extra.js
+++ b/public/js/extra.js
@@ -551,6 +551,19 @@ export function postProcess (code) {
}
window.postProcess = postProcess
+var domevents = Object.getOwnPropertyNames(document).concat(Object.getOwnPropertyNames(Object.getPrototypeOf(Object.getPrototypeOf(document)))).concat(Object.getOwnPropertyNames(Object.getPrototypeOf(window))).filter(function (i) {
+ return !i.indexOf('on') && (document[i] === null || typeof document[i] === 'function')
+}).filter(function (elem, pos, self) {
+ return self.indexOf(elem) === pos
+})
+
+export function removeDOMEvents (view) {
+ for (var i = 0, l = domevents.length; i < l; i++) {
+ view.find('[' + domevents[i] + ']').removeAttr(domevents[i])
+ }
+}
+window.removeDOMEvents = removeDOMEvents
+
function generateCleanHTML (view) {
const src = view.clone()
const eles = src.find('*')
diff --git a/public/js/index.js b/public/js/index.js
index e672a68d..23e0f168 100644
--- a/public/js/index.js
+++ b/public/js/index.js
@@ -42,6 +42,7 @@ import {
deduplicatedHeaderId,
exportToHTML,
exportToRawHTML,
+ removeDOMEvents,
finishView,
generateToc,
isValidURL,
@@ -3374,6 +3375,7 @@ function updateViewInner () {
if (result && lastResult && result.length !== lastResult.length) { updateDataAttrs(result, ui.area.markdown.children().toArray()) }
lastResult = $(result).clone()
}
+ removeDOMEvents(ui.area.markdown)
finishView(ui.area.markdown)
autoLinkify(ui.area.markdown)
deduplicatedHeaderId(ui.area.markdown)
diff --git a/public/js/pretty.js b/public/js/pretty.js
index 718941a8..ff6f9dfd 100644
--- a/public/js/pretty.js
+++ b/public/js/pretty.js
@@ -10,6 +10,7 @@ require('highlight.js/styles/github-gist.css')
import {
autoLinkify,
deduplicatedHeaderId,
+ removeDOMEvents,
finishView,
generateToc,
md,
@@ -57,6 +58,7 @@ if (md.meta.type && md.meta.type === 'slide') {
}
$(document.body).show()
+removeDOMEvents(markdown)
finishView(markdown)
autoLinkify(markdown)
deduplicatedHeaderId(markdown)
diff --git a/public/js/slide.js b/public/js/slide.js
index e743bb55..8d4b7153 100644
--- a/public/js/slide.js
+++ b/public/js/slide.js
@@ -4,7 +4,7 @@
require('../css/extra.css')
require('../css/site.css')
-import { md, updateLastChange, finishView } from './extra'
+import { md, updateLastChange, removeDOMEvents, finishView } from './extra'
const body = $('.slides').text()
@@ -109,6 +109,7 @@ function renderSlide (event) {
if (window.location.search.match(/print-pdf/gi)) {
const slides = $('.slides')
let title = document.title
+ removeDOMEvents(slides)
finishView(slides)
document.title = title
Reveal.layout()
@@ -116,6 +117,7 @@ function renderSlide (event) {
const markdown = $(event.currentSlide)
if (!markdown.attr('data-rendered')) {
let title = document.title
+ removeDOMEvents(markdown)
finishView(markdown)
markdown.attr('data-rendered', 'true')
document.title = title