Remove the xss library from webpack

We can load the xss functions directly from the library instead of
loading them through the expose loader of webpack, this should simplify
the setup and maybe even improve speed a bit.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>

2 files changed, 7 insertions, 4 deletions

diff --git a/public/js/render.js b/public/js/render.js
index 23b8934e..ff5e2bf2 100644
--- a/public/js/render.js
+++ b/public/js/render.js
@@ -1,6 +1,8 @@
 /* eslint-env browser, jquery */
-/* global filterXSS */
 // allow some attributes
+
+var filterXSS = require('xss')
+
 var whiteListAttr = ['id', 'class', 'style']
 window.whiteListAttr = whiteListAttr
 // allow link starts with '.', '/' and custom protocol with '://', exclude link starts with javascript://
@@ -71,5 +73,6 @@ function preventXSS (html) {
 window.preventXSS = preventXSS
 
 module.exports = {
-  preventXSS: preventXSS
+  preventXSS: preventXSS,
+  escapeAttrValue: filterXSS.escapeAttrValue
 }
diff --git a/public/js/reveal-markdown.js b/public/js/reveal-markdown.js
index d15b5ebd..ad5bfd04 100644
--- a/public/js/reveal-markdown.js
+++ b/public/js/reveal-markdown.js
@@ -1,6 +1,6 @@
 /* eslint-env browser, jquery */
 
-import { preventXSS } from './render'
+import { preventXSS, escapeAttrValue } from './render'
 import { md } from './extra'
 
 /**
@@ -259,7 +259,7 @@ import { md } from './extra'
       while ((matchesClass = mardownClassRegex.exec(classes))) {
         var name = matchesClass[1]
         var value = matchesClass[2]
-        if (name.substr(0, 5) === 'data-' || window.whiteListAttr.indexOf(name) !== -1) { elementTarget.setAttribute(name, window.filterXSS.escapeAttrValue(value)) }
+        if (name.substr(0, 5) === 'data-' || window.whiteListAttr.indexOf(name) !== -1) { elementTarget.setAttribute(name, escapeAttrValue(value)) }
       }
       return true
     }