Fixed prevent XSS might break lots of tags and only need after rendered

author: Cheng-Han, Wu 2016-02-11 03:45:13 -0600
committer: Cheng-Han, Wu 2016-02-11 03:45:13 -0600
commit: 4c4a0e0f3fe9b4e33f2182f3f8e20d87736b371d (patch)
tree: d3e79f4a2481ad55eac4e56a56bb541fbb214783 /public/js/index.js
parent: 176021ccd85630abbc3af4001f9a590d4277e584 (diff)
1 files changed, 3 insertions, 2 deletions
diff --git a/public/js/index.js b/public/js/index.js
index 1150f7ae..2e797ac3 100644
--- a/public/js/index.js
+++ b/public/js/index.js
@@ -2132,11 +2132,12 @@ var lastResult = null;
 function updateViewInner() {
     if (currentMode == modeType.edit || !isDirty) return;
     var value = editor.getValue();
-    value = filterXSS(value); // prevent xss
     md.meta = {};
     md.render(value); //only for get meta
     parseMeta(md, ui.area.markdown, $('#toc'), $('#toc-affix'));
-    var result = postProcess(md.render(value)).children().toArray();
+    var rendered = md.render(value);
+    rendered = preventXSS(rendered);
+    var result = postProcess(rendered).children().toArray();
     partialUpdate(result, lastResult, ui.area.markdown.children().toArray());
     if (result && lastResult && result.length != lastResult.length)
         updateDataAttrs(result, ui.area.markdown.children().toArray());
author	Cheng-Han, Wu	2016-02-11 03:45:13 -0600
committer	Cheng-Han, Wu	2016-02-11 03:45:13 -0600
commit	4c4a0e0f3fe9b4e33f2182f3f8e20d87736b371d (patch)
tree	d3e79f4a2481ad55eac4e56a56bb541fbb214783 /public/js/index.js
parent	176021ccd85630abbc3af4001f9a590d4277e584 (diff)