author | Cheng-Han, Wu | 2016-02-11 02:36:52 -0600 |
---|---|---|
committer | Cheng-Han, Wu | 2016-02-11 02:36:52 -0600 |
commit | 6700f033ab2c2e6f5ab1293025d3485ecc37c321 (patch) | |
tree | 102e3028a49d938e5c5d782568d9fbbf1937a782 /public | |
parent | fdb9c47354fd370f6e69c61f2fec4a552450a62a (diff) |
Prevent XSS in markdown rendering
Diffstat (limited to '')
-rw-r--r-- | public/js/index.js | 1 | ||||
-rw-r--r-- | public/views/foot.ejs | 1 |
2 files changed, 2 insertions, 0 deletions
diff --git a/public/js/index.js b/public/js/index.js
index b4e33ae3..ad77e0d3 100644
--- a/public/js/index.js
+++ b/public/js/index.js
@@ -2131,6 +2131,7 @@ var lastResult = null;
 function updateViewInner() {
 if (currentMode == modeType.edit || !isDirty) return;
 var value = editor.getValue();
+ value = filterXSS(value); // prevent xss
 md.meta = {};
 md.render(value); //only for get meta
 parseMeta(md, ui.area.markdown, $('#toc'), $('#toc-affix'));
diff --git a/public/views/foot.ejs b/public/views/foot.ejs
index b0006f7b..3a5ef145 100644
--- a/public/views/foot.ejs
+++ b/public/views/foot.ejs
@@ -29,6 +29,7 @@
 <script src="/vendor/remarkable-regex.js" defer></script>
 <script src="/vendor/gist-embed.js" defer></script>
 <script src="/vendor/lz-string/libs/lz-string.min.js" defer></script>
+<script src="/vendor/xss/dist/xss.min.js" defer></script>
 <script src="/vendor/string.min.js" defer></script>
 <script src="/vendor/highlight-js/highlight.min.js" defer></script>
 <script src="/vendor/js.cookie.js" defer></script> |
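Review bot: The added line runs filterXSS over the markdown source instead of over the rendered HTML, which is the wrong boundary for an HTML sanitizer: markdown syntax such as link targets or autolinks is turned into markup by the renderer after the filter has run, so that markup is never inspected, while legitimate `<` and `&` inside fenced code blocks or inline comparisons may be rewritten before the renderer sees them. The `md.render(value)` on the following line is commented as meta-only, so the HTML that actually reaches `ui.area.markdown` is presumably produced further down, outside this hunk; applying the filter at that point, e.g. `var html = filterXSS(md.render(value));`, with a whitelist matched to the renderer's output, would cover every path into the DOM. If filtering the source is deliberate, the comment `// prevent xss` should say why that boundary was chosen and what it does not cover. updateViewInner's body continues past the end of the hunk.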
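Review bot: The new tag makes filterXSS a hard runtime dependency of updateViewInner in index.js, so the order of the deferred scripts now matters: `defer` scripts execute in document order, and the tag that loads index.js is not visible in this hunk, so it should be confirmed that it appears after this line and is also deferred; otherwise the call fails with a ReferenceError and the preview stops updating. A short comment on the tag, `<!-- js-xss: required by updateViewInner in index.js; must precede index.js -->`, would make that ordering constraint explicit for the next edit of this list.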