authorCheng-Han, Wu2016-02-11 03:45:13 -0600
committerCheng-Han, Wu2016-02-11 03:45:13 -0600
commit4c4a0e0f3fe9b4e33f2182f3f8e20d87736b371d (patch)
treed3e79f4a2481ad55eac4e56a56bb541fbb214783 /lib/response.js
parent176021ccd85630abbc3af4001f9a590d4277e584 (diff)
Fixed prevent XSS might break lots of tags and only need after rendered
Diffstat (limited to 'lib/response.js')
-rw-r--r--lib/response.js3
1 files changed, 0 insertions, 3 deletions
diff --git a/lib/response.js b/lib/response.js
index c12c4caa..07cb5ba9 100644
--- a/lib/response.js
+++ b/lib/response.js
@@ -11,7 +11,6 @@ var shortId = require('shortid');
var metaMarked = require('meta-marked');
var querystring = require('querystring');
var request = require('request');
-var xss = require('xss');
//core
var config = require("../config.js");
@@ -228,7 +227,6 @@ function showPublishNote(req, res, next) {
//na
}
var updatetime = notedata.update_time;
- body = xss(body); // prevent xss
var text = S(body).escapeHTML().s;
var title = notedata.title;
var decodedTitle = LZString.decompressFromBase64(title);
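Review bot: With the `xss(body)` call gone, `S(body).escapeHTML().s` is the only server-side treatment of the note body in showPublishNote, and the same holds for showPublishSlide in the next hunk; nothing visible in either hunk shows where the rendered HTML is filtered. The escape keeps the raw markdown inert while it is embedded in the page, but the markup produced when that markdown is rendered still needs an XSS filter before it reaches the DOM. The commit message implies that filtering happens after rendering, which should be confirmed for both the note and the slide view. I would add a comment above each escape line, such as `// escaped for embedding only; XSS filtering is applied to the rendered HTML, not here`, so the escape is not later mistaken for sanitization. Both functions start and end outside their hunks.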
@@ -612,7 +610,6 @@ function showPublishSlide(req, res, next) {
var decodedTitle = LZString.decompressFromBase64(title);
if (decodedTitle) title = decodedTitle;
title = Note.generateWebTitle(title);
- body = xss(body); // prevent xss
var text = S(body).escapeHTML().s;
render(res, title, text);
});