summaryrefslogtreecommitdiff
path: root/public
diff options
context:
space:
mode:
authorSheogorath2018-11-10 20:24:41 +0100
committerSheogorath2018-11-10 20:27:07 +0100
commitc59b94a37b9d44f6c56b12f61cbfb80ff5f0db50 (patch)
treef9ffb51a7a23a45ac83c7babaf2035f239b0b320 /public
parent4e5e7df4f8ed5b4317ab9205ceb8c2b3231517ad (diff)
Remove the xss library from webpack
We can load the xss functions directly from the library instead of loading them through the expose loader of webpack, this should simplify the setup and maybe even improve speed a bit. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
Diffstat (limited to 'public')
-rw-r--r--public/js/render.js7
-rw-r--r--public/js/reveal-markdown.js4
2 files changed, 7 insertions, 4 deletions
diff --git a/public/js/render.js b/public/js/render.js
index 23b8934e..ff5e2bf2 100644
--- a/public/js/render.js
+++ b/public/js/render.js
@@ -1,6 +1,8 @@
/* eslint-env browser, jquery */
-/* global filterXSS */
// allow some attributes
+
+var filterXSS = require('xss')
+
var whiteListAttr = ['id', 'class', 'style']
window.whiteListAttr = whiteListAttr
// allow link starts with '.', '/' and custom protocol with '://', exclude link starts with javascript://
@@ -71,5 +73,6 @@ function preventXSS (html) {
window.preventXSS = preventXSS
module.exports = {
- preventXSS: preventXSS
+ preventXSS: preventXSS,
+ escapeAttrValue: filterXSS.escapeAttrValue
}
diff --git a/public/js/reveal-markdown.js b/public/js/reveal-markdown.js
index d15b5ebd..ad5bfd04 100644
--- a/public/js/reveal-markdown.js
+++ b/public/js/reveal-markdown.js
@@ -1,6 +1,6 @@
/* eslint-env browser, jquery */
-import { preventXSS } from './render'
+import { preventXSS, escapeAttrValue } from './render'
import { md } from './extra'
/**
@@ -259,7 +259,7 @@ import { md } from './extra'
while ((matchesClass = mardownClassRegex.exec(classes))) {
var name = matchesClass[1]
var value = matchesClass[2]
- if (name.substr(0, 5) === 'data-' || window.whiteListAttr.indexOf(name) !== -1) { elementTarget.setAttribute(name, window.filterXSS.escapeAttrValue(value)) }
+ if (name.substr(0, 5) === 'data-' || window.whiteListAttr.indexOf(name) !== -1) { elementTarget.setAttribute(name, escapeAttrValue(value)) }
}
return true
}