authorWu Cheng-Han2016-11-26 22:46:08 +0800
committerWu Cheng-Han2016-11-26 22:46:08 +0800
commitf86a9e0c4bbf852d2648430d5f7f3d837c40bd47 (patch)
tree1343b849e649c5d6490acec801266db7a4652cf2 /public
parent9383df59c97e3c5d698411faf0e02d39d0aedec5 (diff)
Fix slides that might trigger scripts when processing markdown, which caused XSS [Security Issue]
Diffstat (limited to 'public')
-rw-r--r--public/js/slide.js14
-rw-r--r--public/views/slide.ejs2
2 files changed, 11 insertions, 5 deletions
diff --git a/public/js/slide.js b/public/js/slide.js
index b9521e64..a8411570 100644
--- a/public/js/slide.js
+++ b/public/js/slide.js
@@ -12,8 +12,7 @@ var finishView = extraModule.finishView;
var preventXSS = require('./render').preventXSS;
-var body = $(".slides").html();
-$(".slides").html(S(body).unescapeHTML().s);
+var body = $(".slides").text();
createtime = lastchangeui.time.attr('data-createtime');
lastchangetime = lastchangeui.time.attr('data-updatetime');
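Review bot: `var body = $(".slides").text();` only yields the raw markdown if the server emitted it HTML-escaped into the template; the companion `slide.ejs` change in this commit still uses the unescaped `<%- body %>`, so unless the server-side handler (not part of this diff, which is limited to public/) escapes `body` before rendering, any HTML contained in the note would be parsed by the browser on page load, before this line ever reads it. If the server does not escape it, `<%= body %>` in the template is the safer form, and `.text()` returns the decoded markdown either way. Note also that `body` is now a file-level global that the reveal-markdown callback added later in this file depends on; a short comment such as `// raw markdown, rendered by reveal-markdown.js after its plugin loads` would make that coupling visible.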
@@ -47,8 +46,15 @@ var deps = [{
}
}, {
src: serverurl + '/js/reveal-markdown.js',
- condition: function() {
- return !!document.querySelector('[data-markdown]');
+ callback: function () {
+ var slideOptions = {
+ separator: '^(\r\n?|\n)---(\r\n?|\n)$',
+ verticalSeparator: '^(\r\n?|\n)----(\r\n?|\n)$'
+ };
+ var slides = RevealMarkdown.slidify(body, slideOptions);
+ $(".slides").html(slides);
+ RevealMarkdown.initialize();
+ $(".slides").show();
}
}, {
src: serverurl + '/vendor/reveal.js/plugin/notes/notes.js',
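Review bot: The new callback inserts the output of `RevealMarkdown.slidify` with `$(".slides").html(slides)` and no visible sanitization step; `preventXSS` is required at the top of this file but is not used here, so whether the inserted HTML is filtered depends entirely on what `reveal-markdown.js` does, which this diff does not show. A one-line comment above the `.html(slides)` call recording where the markdown output is sanitized (or that `slidify` itself is expected to filter it) would keep the next maintainer from re-introducing the unescape path this commit removes. As a point of style, `$(".slides")` is looked up three times in the callback; `var $slides = $(".slides");` once at the top of the callback would read cleaner. The `deps` array this entry belongs to starts before the hunk.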
diff --git a/public/views/slide.ejs b/public/views/slide.ejs
index 437f0c97..df23988d 100644
--- a/public/views/slide.ejs
+++ b/public/views/slide.ejs
@@ -55,7 +55,7 @@
<body>
<div class="container">
<div class="reveal">
- <div class="slides"><%- slides %></div>
+ <div class="slides" style="display: none;"><%- body %></div>
</div>
<div id="meta" style="display: none;"><%- meta %></div>