author | Wu Cheng-Han | 2017-09-27 18:20:04 +0800 |
---|---|---|
committer | Wu Cheng-Han | 2017-09-27 18:20:04 +0800 |
commit | 9b00afb863e475e9a72d06d61591535bd38d2d3e (patch) | |
tree | 318fb410ebb54bc17740eb6992ba37cdb03bb929 /public/js | |
parent | d1d6d5810b12645ddb02275ce0c2498b2189a8a0 (diff) |
Fix unclosed tags might cause XSS [Security Issue]
Diffstat (limited to 'public/js')
-rw-r--r-- | public/js/render.js | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/public/js/render.js b/public/js/render.js
index 88a05bde..e2574b5f 100644
--- a/public/js/render.js
+++ b/public/js/render.js
@@ -27,7 +27,7 @@ var filterXSSOptions = {
 whiteList: whiteList,
 escapeHtml: function (html) {
 // allow html comment in multiple lines
- return html.replace(/<(.*?)>/g, '<$1>')
+ return html.replace(/<(?!!--)/g, '<').replace(/-->/g, '__HTML_COMMENT_END__').replace(/>/g, '>').replace(/__HTML_COMMENT_END__/g, '-->')
 },
 onIgnoreTag: function (tag, html, options) {
 // allow comment tag |
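Review bot: The placeholder round-trip on the added `return` line rewrites any literal `__HTML_COMMENT_END__` in user text into `-->`, because the final `replace` cannot distinguish the sentinel it inserted from one the author typed. The same effect without a sentinel is one callback replace, `return html.replace(/<!--|-->|[<>]/g, function (m) { return m === '<' ? '&lt;' : m === '>' ? '&gt;' : m })`, where alternation order keeps `<!--` and `-->` intact and escapes every other angle bracket. As rendered here the replacement strings read as bare `<` and `>`, which would make the escape a no-op, so presumably this page decoded `&lt;`/`&gt;` entities — worth confirming against the source file. Passing `<!--` through unescaped still lets a document open a comment that hides every following element up to the next `-->` in the rendered output; that is content hiding rather than script execution, but a comment such as `// <!-- and --> are left raw so multi-line comments survive; user text can therefore open a comment that swallows later markup` would record the trade-off beside the existing one. The `escapeHtml` function is complete within the hunk, while the enclosing `filterXSSOptions` object continues outside it.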