diff options
| author | Christoph (Sheogorath) Kern | 2018-12-29 21:52:03 +0100 |
|---|---|---|
| committer | GitHub | 2018-12-29 21:52:03 +0100 |
| commit | dba9575c94743a4efd65ff3db0d8748161ca13f0 (patch) | |
| tree | b5aa48f2321cc793c3d389864c89a006401ef472 /public/js | |
| parent | f9cc2ff0ef56aa5f0a655f9209321460748ba621 (diff) | |
| parent | 067cfe2d1eedc5a58e5548785858e38fbaa0e84b (diff) | |
Merge pull request #1112 from hackmdio/fix-XSS-issues
Fix some XSS issues
Diffstat (limited to '')
| -rw-r--r-- | public/js/render.js | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/public/js/render.js b/public/js/render.js index ff5e2bf2..87e5cfdf 100644 --- a/public/js/render.js +++ b/public/js/render.js @@ -45,7 +45,7 @@ var filterXSSOptions = { // allow comment tag if (tag === '!--') { // do not filter its attributes - return html + return html.replace(/<(?!!--)/g, '<').replace(/-->/g, '__HTML_COMMENT_END__').replace(/>/g, '>').replace(/__HTML_COMMENT_END__/g, '-->') } }, onTagAttr: function (tag, name, value, isWhiteAttr) { |