Fix slide might trigger script when processing markdown which cause XSS [Security Issue]

author: Wu Cheng-Han 2016-11-26 22:46:08 +0800
committer: Wu Cheng-Han 2016-11-26 22:46:08 +0800
commit: f86a9e0c4bbf852d2648430d5f7f3d837c40bd47 (patch)
tree: 1343b849e649c5d6490acec801266db7a4652cf2 /lib/response.js
parent: 9383df59c97e3c5d698411faf0e02d39d0aedec5 (diff)
1 files changed, 1 insertions, 11 deletions
diff --git a/lib/response.js b/lib/response.js
index fa97f157..1a45d63a 100755
--- a/lib/response.js
+++ b/lib/response.js
@@ -16,15 +16,6 @@ var config = require("./config.js");
 var logger = require("./logger.js");
 var models = require("./models");
 
-//slides
-var md = require('reveal.js/plugin/markdown/markdown');
-
-//reveal.js
-var slideOptions = {
-    separator: '^(\r\n?|\n)---(\r\n?|\n)$',
-    verticalSeparator: '^(\r\n?|\n)----(\r\n?|\n)$'
-};
-
 //public
 var response = {
     errorForbidden: function (res) {
@@ -584,7 +575,6 @@ function showPublishSlide(req, res, next) {
             var text = S(body).escapeHTML().s;
             var title = models.Note.decodeTitle(note.title);
             title = models.Note.generateWebTitle(meta.title || title);
-            var slides = md.slidify(text, slideOptions);
             var origin = config.serverurl;
             var data = {
                 title: title,
@@ -593,7 +583,7 @@ function showPublishSlide(req, res, next) {
                 createtime: createtime,
                 updatetime: updatetime,
                 url: origin,
-                slides: slides,
+                body: text,
                 meta: JSON.stringify(obj.meta || {}),
                 useCDN: config.usecdn,
                 owner: note.owner ? note.owner.id : null,
author	Wu Cheng-Han	2016-11-26 22:46:08 +0800
committer	Wu Cheng-Han	2016-11-26 22:46:08 +0800
commit	f86a9e0c4bbf852d2648430d5f7f3d837c40bd47 (patch)
tree	1343b849e649c5d6490acec801266db7a4652cf2 /lib/response.js
parent	9383df59c97e3c5d698411faf0e02d39d0aedec5 (diff)