authorSheogorath2018-11-21 11:11:47 +0100
committerSheogorath2018-11-21 11:12:09 +0100
commit33774c11b989a6a8aa2517e1a83d39c43741fc90 (patch)
tree5e4ffcd190bf4449af4e4cb9cc71889e44417662 /public/js
parent2323d203b4fbeff87a2a8be3fc1c5f34c84120d3 (diff)
Update from to-markdown to turndown
We received a security alert about a regular expression DoS vulnerability in `to-markdown`, a library we use. When checking whether `to-markdown` is still maintained, it turned out that the library was renamed to `turndown`. So upgrading to `turndown` should fix this vulnerability. References: https://www.npmjs.com/package/to-markdown https://github.com/domchristie/turndown/wiki/Migrating-from-to-markdown-to-Turndown Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
Diffstat (limited to 'public/js')
-rw-r--r--public/js/index.js9
1 files changed, 7 insertions, 2 deletions
diff --git a/public/js/index.js b/public/js/index.js
index c2969e92..a845b5d3 100644
--- a/public/js/index.js
+++ b/public/js/index.js
@@ -12,7 +12,7 @@ require('../css/site.css')
require('highlight.js/styles/github-gist.css')
-import toMarkdown from 'to-markdown'
+import TurndownService from 'turndown'
import { saveAs } from 'file-saver'
import randomColor from 'randomcolor'
@@ -1498,7 +1498,12 @@ $('#snippetExportModalConfirm').click(function () {
})
function parseToEditor (data) {
- var parsed = toMarkdown(data)
+ var turndownService = new TurndownService({
+ defaultReplacement: function (innerHTML, node) {
+ return node.isBlock ? '\n\n' + node.outerHTML + '\n\n' : node.outerHTML
+ }
+ })
+ var parsed = turndownService.turndown(data)
if (parsed) { replaceAll(parsed) }
}
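Review bot: The `defaultReplacement` callback in parseToEditor returns `node.outerHTML` for every element Turndown has no rule for, so markup such as `<script>`, `<iframe>` or elements carrying inline event-handler attributes is copied verbatim into the text handed to `replaceAll`. Where `data` comes from is not visible in this hunk; if it can be imported or pasted HTML, the result relies entirely on whatever sanitisation happens when the markdown is rendered, which is not shown here either. Consider dropping non-content elements before converting, e.g. `turndownService.remove(['script', 'style'])`, and adding a comment above the option such as `// unknown elements are kept as raw HTML; treat the output as untrusted until it is sanitised at render time`. Separately, Turndown defaults to setext headings, so `headingStyle: 'atx'` may be needed if the converted output should stay in the `#` heading form; worth confirming against the migration guide linked in the description.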