authorWu Cheng-Han2016-11-26 22:46:08 +0800
committerWu Cheng-Han2016-11-26 22:46:08 +0800
commitf86a9e0c4bbf852d2648430d5f7f3d837c40bd47 (patch)
tree1343b849e649c5d6490acec801266db7a4652cf2 /lib
parent9383df59c97e3c5d698411faf0e02d39d0aedec5 (diff)
Fix slide might trigger script when processing markdown which cause XSS [Security Issue]
Diffstat (limited to 'lib')
-rwxr-xr-xlib/response.js12
1 files changed, 1 insertions, 11 deletions
diff --git a/lib/response.js b/lib/response.js
index fa97f157..1a45d63a 100755
--- a/lib/response.js
+++ b/lib/response.js
@@ -16,15 +16,6 @@ var config = require("./config.js");
var logger = require("./logger.js");
var models = require("./models");
-//slides
-var md = require('reveal.js/plugin/markdown/markdown');
-
-//reveal.js
-var slideOptions = {
- separator: '^(\r\n?|\n)---(\r\n?|\n)$',
- verticalSeparator: '^(\r\n?|\n)----(\r\n?|\n)$'
-};
-
//public
var response = {
errorForbidden: function (res) {
@@ -584,7 +575,6 @@ function showPublishSlide(req, res, next) {
var text = S(body).escapeHTML().s;
var title = models.Note.decodeTitle(note.title);
title = models.Note.generateWebTitle(meta.title || title);
- var slides = md.slidify(text, slideOptions);
var origin = config.serverurl;
var data = {
title: title,
@@ -593,7 +583,7 @@ function showPublishSlide(req, res, next) {
createtime: createtime,
updatetime: updatetime,
url: origin,
- slides: slides,
+ body: text,
meta: JSON.stringify(obj.meta || {}),
useCDN: config.usecdn,
owner: note.owner ? note.owner.id : null,
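Review bot: `body: text` hands the slide view the HTML-escaped markdown produced by `S(body).escapeHTML().s`, but nothing at this field records which output context the view must use for it, and the view itself is not part of this diff (the diffstat is limited to `lib`). Markdown-to-slide conversion presumably now happens in the browser, so that escaping is the only server-side barrier visible here, and the client-side renderer's output still needs sanitizing before it reaches the DOM. I would add a comment above the field, for example `// body: HTML-escaped markdown; the view must emit it unmodified and the client must sanitize the rendered slides`, and confirm the view no longer reads `slides`. showPublishSlide begins and ends outside this hunk.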