author | Philip Molares | 2021-01-14 02:51:08 +0100 |
---|---|---|
committer | Philip Molares | 2021-01-14 11:18:09 +0100 |
commit | 35b0d39a12aa35f27fba8c1f50b1886706e7efef (patch) | |
tree | 0c68fd53b5d2913eb31f04c6e76b78d8e1ab41de /public | |
parent | 5bdb39241374afc3da801a4032ebc306f8562035 (diff) |
added sanitation to the slideMode in frontmatter
This should prevent the issue mentioned in https://github.com/hackmdio/codimd/issues/1648
Specifically left out are
- dependency (user can't really include anything anyway, because CSP forbids most domains)
- autoSlideMethod (nothing our users should be able to change as they won't write JS to be affected by this)
- keyboard (this lets users write arbitrary code and therefore seems too problematic)
See:
https://github.com/hakimel/reveal.js/blob/3.9.2/README.md#configuration
Signed-off-by: Philip Molares <philip.molares@udo.edu>
Diffstat (limited to '')
-rw-r--r-- | public/js/slide.js | 51 |
1 files changed, 50 insertions, 1 deletions
diff --git a/public/js/slide.js b/public/js/slide.js
index 3a47ac43..b0ef81ab 100644
--- a/public/js/slide.js
+++ b/public/js/slide.js
@@ -72,7 +72,56 @@ const defaultOptions = {
 // options from yaml meta
 const meta = JSON.parse($('#meta').text())
-var options = meta.slideOptions || {}
+var options = {
+ autoPlayMedia: meta.slideOptions.autoPlayMedia,
+ autoSlide: meta.slideOptions.autoSlide,
+ autoSlideStoppable: meta.slideOptions.autoSlideStoppable,
+ backgroundTransition: meta.slideOptions.backgroundTransition,
+ center: meta.slideOptions.center,
+ controls: meta.slideOptions.controls,
+ controlsBackArrows: meta.slideOptions.controlsBackArrows,
+ controlsLayout: meta.slideOptions.controlsLayout,
+ controlsTutorial: meta.slideOptions.controlsTutorial,
+ defaultTiming: meta.slideOptions.defaultTiming,
+ display: meta.slideOptions.display,
+ embedded: meta.slideOptions.embedded,
+ fragmentInURL: meta.slideOptions.fragmentInURL,
+ fragments: meta.slideOptions.fragments,
+ hash: meta.slideOptions.hash,
+ height: meta.slideOptions.height,
+ help: meta.slideOptions.help,
+ hideAddressBar: meta.slideOptions.hideAddressBar,
+ hideCursorTime: meta.slideOptions.hideCursorTime,
+ hideInactiveCursor: meta.slideOptions.hideInactiveCursor,
+ history: meta.slideOptions.history,
+ keyboard: meta.slideOptions.keyboard,
+ loop: meta.slideOptions.loop,
+ margin: meta.slideOptions.margin,
+ maxScale: meta.slideOptions.maxScale,
+ minScale: meta.slideOptions.minScale,
+ minimumTimePerSlide: meta.slideOptions.minimumTimePerSlide,
+ mobileViewDistance: meta.slideOptions.mobileViewDistance,
+ mouseWheel: meta.slideOptions.mouseWheel,
+ navigationMode: meta.slideOptions.navigationMode,
+ overview: meta.slideOptions.overview,
+ parallaxBackgroundHorizontal: meta.slideOptions.parallaxBackgroundHorizontal,
+ parallaxBackgroundImage: meta.slideOptions.parallaxBackgroundImage,
+ parallaxBackgroundSize: meta.slideOptions.parallaxBackgroundSize,
+ parallaxBackgroundVertical: meta.slideOptions.parallaxBackgroundVertical,
+ preloadIframes: meta.slideOptions.preloadIframes,
+ previewLinks: meta.slideOptions.previewLinks,
+ progress: meta.slideOptions.progress,
+ rtl: meta.slideOptions.rtl,
+ showNotes: meta.slideOptions.showNotes,
+ shuffle: meta.slideOptions.shuffle,
+ slideNumber: meta.slideOptions.slideNumber,
+ totalTime: meta.slideOptions.totalTime,
+ touch: meta.slideOptions.touch,
+ transition: meta.slideOptions.transition,
+ transitionSpeed: meta.slideOptions.transitionSpeed,
+ viewDistance: meta.slideOptions.viewDistance,
+ width: meta.slideOptions.width
+} || {}
 const view = $('.reveal') |
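Review bot: The new object literal still copies `keyboard: meta.slideOptions.keyboard`, although the commit message lists `keyboard` among the options deliberately left out because it lets note authors supply code, so the allowlist does not yet close that path. The literal also dereferences `meta.slideOptions` on every line, so a note without `slideOptions` in its frontmatter would throw a TypeError here where the old `meta.slideOptions || {}` did not, and the trailing `|| {}` can never apply because an object literal is always truthy. Listing a key restricts only names, not value types, so the string- and number-valued options could additionally be type-checked before they reach reveal.js. The sketch below reads from a guarded `slideOptions`, drops `keyboard`, and copies only keys that are actually present; how `options` is later merged with `defaultOptions` lies outside the hunk, so whether explicit `undefined` values matter there should be confirmed.

```javascript
const meta = JSON.parse($('#meta').text())
const slideOptions = meta.slideOptions || {}
// names a note author may set; 'keyboard' is intentionally absent
const allowedSlideOptions = [
  'autoPlayMedia',
  'autoSlide',
  // … unchanged: the remaining option names from the hunk, without 'keyboard' …
  'width'
]
var options = {}
for (const name of allowedSlideOptions) {
  // copy only keys that the frontmatter actually sets
  if (Object.prototype.hasOwnProperty.call(slideOptions, name)) {
    options[name] = slideOptions[name]
  }
}
```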