author | Wu Cheng-Han | 2016-11-26 22:46:08 +0800 |
---|---|---|
committer | Wu Cheng-Han | 2016-11-26 22:46:08 +0800 |
commit | f86a9e0c4bbf852d2648430d5f7f3d837c40bd47 (patch) | |
tree | 1343b849e649c5d6490acec801266db7a4652cf2 /public/js | |
parent | 9383df59c97e3c5d698411faf0e02d39d0aedec5 (diff) |
Fix slide might trigger script when processing markdown which cause XSS [Security Issue]
Diffstat (limited to 'public/js')
-rw-r--r-- | public/js/slide.js | 14 |
1 files changed, 10 insertions, 4 deletions
diff --git a/public/js/slide.js b/public/js/slide.js
index b9521e64..a8411570 100644
--- a/public/js/slide.js
+++ b/public/js/slide.js
@@ -12,8 +12,7 @@ var finishView = extraModule.finishView;
 var preventXSS = require('./render').preventXSS;
-var body = $(".slides").html();
-$(".slides").html(S(body).unescapeHTML().s);
+var body = $(".slides").text();
 createtime = lastchangeui.time.attr('data-createtime');
 lastchangetime = lastchangeui.time.attr('data-updatetime');
@@ -47,8 +46,15 @@ var deps = [{
 }
 }, {
 src: serverurl + '/js/reveal-markdown.js',
- condition: function() {
- return !!document.querySelector('[data-markdown]');
+ callback: function () {
+ var slideOptions = {
+ separator: '^(\r\n?|\n)---(\r\n?|\n)$',
+ verticalSeparator: '^(\r\n?|\n)----(\r\n?|\n)$'
+ };
+ var slides = RevealMarkdown.slidify(body, slideOptions);
+ $(".slides").html(slides);
+ RevealMarkdown.initialize();
+ $(".slides").show();
 }
 }, {
 src: serverurl + '/vendor/reveal.js/plugin/notes/notes.js', |
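Review bot: Nothing at `var body = $(".slides").text();` records the invariant the fix depends on. The read returns the original markdown only if the server template emits the note HTML-escaped inside `.slides`, and that template is not visible in this diff. Since `body` is now consumed later by the reveal-markdown callback, I would add a comment above the line such as `// Read as text only: the note is served HTML-escaped; never write it back through .html() before the markdown renderer has processed it.` That gives a later edit a reason not to reintroduce the unescape-and-reinsert pattern this commit removes.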
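Review bot: `$(".slides").html(slides)` in the new callback is still an HTML sink for user-authored note content. Its safety rests entirely on what `RevealMarkdown.slidify` and `RevealMarkdown.initialize` in `/js/reveal-markdown.js` emit, and neither is visible here. The `preventXSS` helper imported at the top of the file is not called on any line of this diff, so it is worth confirming that the rendering inside `initialize()` passes its output through it, or an equivalent filter, before the `$(".slides").show()` call reveals the slides. A short comment above the sink would make the dependency explicit, for example `// slides is plugin-generated markup wrapping raw markdown; sanitising happens in RevealMarkdown.initialize()`, assuming that is where it happens. The `deps` array starts and ends outside the hunk.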