summaryrefslogtreecommitdiff
path: root/public/js
diff options
context:
space:
mode:
authorWu Cheng-Han2016-11-26 22:55:31 +0800
committerWu Cheng-Han2016-11-26 22:55:31 +0800
commit9d4ede4cffae47b9fd81ffbd0f2edff47c29e224 (patch)
tree93f56b484e527a0e8b0a95c768925876e70d8f1f /public/js
parentb43e63dd21584c75ab7e0be6fe6331857f09c026 (diff)
Fix possible XSS in yaml-metadata and turn using ejs escape syntax than external lib [Security Issue]
Diffstat (limited to 'public/js')
-rw-r--r--public/js/pretty.js5
-rw-r--r--public/js/slide.js3
2 files changed, 1 insertions, 7 deletions
diff --git a/public/js/pretty.js b/public/js/pretty.js
index f43df90c..c1a471a1 100644
--- a/public/js/pretty.js
+++ b/public/js/pretty.js
@@ -4,9 +4,6 @@ require('../css/site.css');
require('highlight.js/styles/github-gist.css');
-/* other vendors plugin */
-var S = require('string');
-
var extra = require('./extra');
var md = extra.md;
var finishView = extra.finishView;
@@ -22,7 +19,7 @@ var scrollToHash = extra.scrollToHash;
var preventXSS = require('./render').preventXSS;
var markdown = $("#doc.markdown-body");
-var text = S(markdown.html()).unescapeHTML().s;
+var text = markdown.text();
var lastMeta = md.meta;
md.meta = {};
var rendered = md.render(text);
diff --git a/public/js/slide.js b/public/js/slide.js
index a8411570..8d45219e 100644
--- a/public/js/slide.js
+++ b/public/js/slide.js
@@ -2,9 +2,6 @@ require('../css/extra.css');
require('../css/site.css');
require('../css/slide.css');
-/* other vendors plugin */
-var S = require('string');
-
var extraModule = require('./extra');
var md = extraModule.md;
var updateLastChange = extraModule.updateLastChange;