diff options
author | Cheng-Han, Wu | 2016-02-11 03:45:13 -0600 |
---|---|---|
committer | Cheng-Han, Wu | 2016-02-11 03:45:13 -0600 |
commit | 4c4a0e0f3fe9b4e33f2182f3f8e20d87736b371d (patch) | |
tree | d3e79f4a2481ad55eac4e56a56bb541fbb214783 /public/js/index.js | |
parent | 176021ccd85630abbc3af4001f9a590d4277e584 (diff) |
Fixed prevent XSS might break lots of tags and only need after rendered
Diffstat (limited to 'public/js/index.js')
-rw-r--r-- | public/js/index.js | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/public/js/index.js b/public/js/index.js index 1150f7ae..2e797ac3 100644 --- a/public/js/index.js +++ b/public/js/index.js @@ -2132,11 +2132,12 @@ var lastResult = null; function updateViewInner() { if (currentMode == modeType.edit || !isDirty) return; var value = editor.getValue(); - value = filterXSS(value); // prevent xss md.meta = {}; md.render(value); //only for get meta parseMeta(md, ui.area.markdown, $('#toc'), $('#toc-affix')); - var result = postProcess(md.render(value)).children().toArray(); + var rendered = md.render(value); + rendered = preventXSS(rendered); + var result = postProcess(rendered).children().toArray(); partialUpdate(result, lastResult, ui.area.markdown.children().toArray()); if (result && lastResult && result.length != lastResult.length) updateDataAttrs(result, ui.area.markdown.children().toArray()); |