diff options
-rw-r--r-- | app.js | 3 | ||||
-rw-r--r-- | package.json | 1 | ||||
-rw-r--r-- | public/js/extra.js | 13 | ||||
-rw-r--r-- | yarn.lock | 38 |
4 files changed, 23 insertions, 32 deletions
@@ -289,6 +289,9 @@ function handleTermSignals () { socket.disconnect(true) }, 0) }) + if (config.path) { + fs.unlink(config.path) + } var checkCleanTimer = setInterval(function () { if (realtime.isReady()) { models.Revision.checkAllNotesRevision(function (err, notes) { diff --git a/package.json b/package.json index 331d42d4..c0d3cf91 100644 --- a/package.json +++ b/package.json @@ -37,6 +37,7 @@ "diff-match-patch": "git+https://github.com/hackmdio/diff-match-patch.git", "ejs": "^2.5.5", "emojify.js": "~1.1.0", + "escape-html": "^1.0.3", "express": ">=4.14", "express-session": "^1.14.2", "file-saver": "^1.3.3", diff --git a/public/js/extra.js b/public/js/extra.js index b80290d1..011e2143 100644 --- a/public/js/extra.js +++ b/public/js/extra.js @@ -15,6 +15,7 @@ import hljs from 'highlight.js' import PDFObject from 'pdfobject' import S from 'string' import { saveAs } from 'file-saver' +import escapeHTML from 'escape-html' require('./lib/common/login') require('../vendor/md-toc') @@ -323,7 +324,7 @@ export function finishView (view) { svg[0].setAttribute('preserveAspectRatio', 'xMidYMid meet') } catch (err) { $value.unwrap() - $value.parent().append('<div class="alert alert-warning">' + err + '</div>') + $value.parent().append(`<div class="alert alert-warning">${escapeHTML(err)}</div>`) console.warn(err) } }) @@ -347,7 +348,7 @@ export function finishView (view) { $value.children().unwrap().unwrap() } catch (err) { $value.unwrap() - $value.parent().append('<div class="alert alert-warning">' + err + '</div>') + $value.parent().append(`<div class="alert alert-warning">${escapeHTML(err)}</div>`) console.warn(err) } }) @@ -366,7 +367,7 @@ export function finishView (view) { $value.children().unwrap().unwrap() } catch (err) { $value.unwrap() - $value.parent().append('<div class="alert alert-warning">' + err + '</div>') + $value.parent().append(`<div class="alert alert-warning">${escapeHTML(err)}</div>`) console.warn(err) } }) @@ -388,7 +389,7 @@ export function finishView (view) { } $value.unwrap() - $value.parent().append('<div class="alert alert-warning">' + errormessage + '</div>') + $value.parent().append(`<div class="alert alert-warning">${escapeHTML(errormessage)}</div>`) console.warn(errormessage) } }) @@ -408,7 +409,7 @@ export function finishView (view) { svg[0].setAttribute('preserveAspectRatio', 'xMidYMid meet') } catch (err) { $value.unwrap() - $value.parent().append('<div class="alert alert-warning">' + err + '</div>') + $value.parent().append(`<div class="alert alert-warning">${escapeHTML(err)}</div>`) console.warn(err) } }) @@ -568,7 +569,7 @@ export function postProcess (code) { if (warning && warning.length > 0) { warning.text(md.metaError) } else { - warning = $('<div id="meta-error" class="alert alert-warning">' + md.metaError + '</div>') + warning = $(`<div id="meta-error" class="alert alert-warning">${escapeHTML(md.metaError)}</div>`) result.prepend(warning) } } @@ -513,7 +513,7 @@ are-we-there-yet@~1.1.2: delegates "^1.0.0" readable-stream "^2.0.6" -argparse@^1.0.2, argparse@^1.0.7: +argparse@^1.0.7: version "1.0.10" resolved "https://registry.yarnpkg.com/argparse/-/argparse-1.0.10.tgz#bcd6791ea5ae09725e17e5ad988134cd40b3d911" integrity sha512-o5Roy6tNG4SL/FOkCAN6RzjiakZS25RLYFrcMttJqbdd8BWrnA+fGz57iN5Pb06pvBGvl5gQ0B48dJlslXvoTg== @@ -3373,7 +3373,7 @@ es6-weak-map@^2.0.2: es6-iterator "^2.0.1" es6-symbol "^3.1.1" -escape-html@~1.0.3: +escape-html@^1.0.3, escape-html@~1.0.3: version "1.0.3" resolved "https://registry.yarnpkg.com/escape-html/-/escape-html-1.0.3.tgz#0258eae4d3d0c0974de1c169188ef0051d1d1988" integrity sha1-Aljq5NPQwJdN4cFpGI7wBR0dGYg= @@ -3531,11 +3531,6 @@ espree@^5.0.1: acorn-jsx "^5.0.0" eslint-visitor-keys "^1.0.0" -esprima@^2.6.0: - version "2.7.3" - resolved "https://registry.yarnpkg.com/esprima/-/esprima-2.7.3.tgz#96e3b70d5779f6ad49cd032673d1c312767ba581" - integrity sha1-luO3DVd59q1JzQMmc9HDEnZ7pYE= - esprima@^3.1.3: version "3.1.3" resolved "https://registry.yarnpkg.com/esprima/-/esprima-3.1.3.tgz#fdca51cee6133895e3c88d535ce49dbff62a4633" @@ -5623,7 +5618,7 @@ js-url@^2.3.0: grunt-contrib-qunit "" grunt-contrib-uglify "" -js-yaml@^3.13.0, js-yaml@^3.13.1: +js-yaml@^3.13.0, js-yaml@^3.13.1, js-yaml@~3.13.1: version "3.13.1" resolved "https://registry.yarnpkg.com/js-yaml/-/js-yaml-3.13.1.tgz#aff151b30bfdfa8e49e05da22e7415e9dfa37847" integrity sha512-YfbcO7jXDdyj0DGxYVSlSeQNHbD7XPWvrVWeVUujrQEoZzWJIRrCPoyk6kL6IAjAG2IolMK4T0hNUe0HOUs5Jw== @@ -5631,14 +5626,6 @@ js-yaml@^3.13.0, js-yaml@^3.13.1: argparse "^1.0.7" esprima "^4.0.0" -js-yaml@~3.5.5: - version "3.5.5" - resolved "https://registry.yarnpkg.com/js-yaml/-/js-yaml-3.5.5.tgz#0377c38017cabc7322b0d1fbcd25a491641f2fbe" - integrity sha1-A3fDgBfKvHMisNH7zSWkkWQfL74= - dependencies: - argparse "^1.0.2" - esprima "^2.6.0" - jsbn@~0.1.0: version "0.1.1" resolved "https://registry.yarnpkg.com/jsbn/-/jsbn-0.1.1.tgz#a5e654c2e5a2deb5f201d96cefbca80c0ef2f513" @@ -6421,10 +6408,10 @@ markdown-pdf@^9.0.0: through2 "^2.0.0" tmp "0.0.33" -marked@~0.3.6: - version "0.3.19" - resolved "https://registry.yarnpkg.com/marked/-/marked-0.3.19.tgz#5d47f709c4c9fc3c216b6d46127280f40b39d790" - integrity sha512-ea2eGWOqNxPcXv8dyERdSr/6FmzvWwzjMxpfGB/sbMccXoct+xY+YukPD+QTUZwyvK7BZwcr4m21WBOW41pAkg== +marked@~0.6.2: + version "0.6.2" + resolved "https://registry.yarnpkg.com/marked/-/marked-0.6.2.tgz#c574be8b545a8b48641456ca1dbe0e37b6dccc1a" + integrity sha512-LqxwVH3P/rqKX4EKGz7+c2G9r98WeM/SW34ybhgNGhUQNKtf1GmmSkJ6cDGJ/t6tiyae49qRkpyTw2B9HOrgUA== math-interval-parser@^1.1.0: version "1.1.0" @@ -6558,13 +6545,12 @@ messageformat@^0.3.1: nopt "~3.0.6" watchr "~2.4.13" -meta-marked@^0.4.2: - version "0.4.2" - resolved "https://registry.yarnpkg.com/meta-marked/-/meta-marked-0.4.2.tgz#4a1fae344f53d7040aacabb723e2f432a37455f8" - integrity sha1-Sh+uNE9T1wQKrKu3I+L0MqN0Vfg= +"meta-marked@git+https://github.com/codimd/meta-marked#semver:^0.4.2": + version "0.4.4" + resolved "git+https://github.com/codimd/meta-marked#04fd9775b38566e41b71e3e63bd78717d3eb4445" dependencies: - js-yaml "~3.5.5" - marked "~0.3.6" + js-yaml "~3.13.1" + marked "~0.6.2" method-override@^2.3.7: version "2.3.10" |