summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--app.js3
-rw-r--r--package.json1
-rw-r--r--public/js/extra.js13
-rw-r--r--yarn.lock38
4 files changed, 23 insertions, 32 deletions
diff --git a/app.js b/app.js
index 3de99e6c..ceb22596 100644
--- a/app.js
+++ b/app.js
@@ -289,6 +289,9 @@ function handleTermSignals () {
socket.disconnect(true)
}, 0)
})
+ if (config.path) {
+ fs.unlink(config.path)
+ }
var checkCleanTimer = setInterval(function () {
if (realtime.isReady()) {
models.Revision.checkAllNotesRevision(function (err, notes) {
diff --git a/package.json b/package.json
index 331d42d4..c0d3cf91 100644
--- a/package.json
+++ b/package.json
@@ -37,6 +37,7 @@
"diff-match-patch": "git+https://github.com/hackmdio/diff-match-patch.git",
"ejs": "^2.5.5",
"emojify.js": "~1.1.0",
+ "escape-html": "^1.0.3",
"express": ">=4.14",
"express-session": "^1.14.2",
"file-saver": "^1.3.3",
diff --git a/public/js/extra.js b/public/js/extra.js
index b80290d1..011e2143 100644
--- a/public/js/extra.js
+++ b/public/js/extra.js
@@ -15,6 +15,7 @@ import hljs from 'highlight.js'
import PDFObject from 'pdfobject'
import S from 'string'
import { saveAs } from 'file-saver'
+import escapeHTML from 'escape-html'
require('./lib/common/login')
require('../vendor/md-toc')
@@ -323,7 +324,7 @@ export function finishView (view) {
svg[0].setAttribute('preserveAspectRatio', 'xMidYMid meet')
} catch (err) {
$value.unwrap()
- $value.parent().append('<div class="alert alert-warning">' + err + '</div>')
+ $value.parent().append(`<div class="alert alert-warning">${escapeHTML(err)}</div>`)
console.warn(err)
}
})
@@ -347,7 +348,7 @@ export function finishView (view) {
$value.children().unwrap().unwrap()
} catch (err) {
$value.unwrap()
- $value.parent().append('<div class="alert alert-warning">' + err + '</div>')
+ $value.parent().append(`<div class="alert alert-warning">${escapeHTML(err)}</div>`)
console.warn(err)
}
})
@@ -366,7 +367,7 @@ export function finishView (view) {
$value.children().unwrap().unwrap()
} catch (err) {
$value.unwrap()
- $value.parent().append('<div class="alert alert-warning">' + err + '</div>')
+ $value.parent().append(`<div class="alert alert-warning">${escapeHTML(err)}</div>`)
console.warn(err)
}
})
@@ -388,7 +389,7 @@ export function finishView (view) {
}
$value.unwrap()
- $value.parent().append('<div class="alert alert-warning">' + errormessage + '</div>')
+ $value.parent().append(`<div class="alert alert-warning">${escapeHTML(errormessage)}</div>`)
console.warn(errormessage)
}
})
@@ -408,7 +409,7 @@ export function finishView (view) {
svg[0].setAttribute('preserveAspectRatio', 'xMidYMid meet')
} catch (err) {
$value.unwrap()
- $value.parent().append('<div class="alert alert-warning">' + err + '</div>')
+ $value.parent().append(`<div class="alert alert-warning">${escapeHTML(err)}</div>`)
console.warn(err)
}
})
@@ -568,7 +569,7 @@ export function postProcess (code) {
if (warning && warning.length > 0) {
warning.text(md.metaError)
} else {
- warning = $('<div id="meta-error" class="alert alert-warning">' + md.metaError + '</div>')
+ warning = $(`<div id="meta-error" class="alert alert-warning">${escapeHTML(md.metaError)}</div>`)
result.prepend(warning)
}
}
diff --git a/yarn.lock b/yarn.lock
index 22e0a2ae..19077f37 100644
--- a/yarn.lock
+++ b/yarn.lock
@@ -513,7 +513,7 @@ are-we-there-yet@~1.1.2:
delegates "^1.0.0"
readable-stream "^2.0.6"
-argparse@^1.0.2, argparse@^1.0.7:
+argparse@^1.0.7:
version "1.0.10"
resolved "https://registry.yarnpkg.com/argparse/-/argparse-1.0.10.tgz#bcd6791ea5ae09725e17e5ad988134cd40b3d911"
integrity sha512-o5Roy6tNG4SL/FOkCAN6RzjiakZS25RLYFrcMttJqbdd8BWrnA+fGz57iN5Pb06pvBGvl5gQ0B48dJlslXvoTg==
@@ -3373,7 +3373,7 @@ es6-weak-map@^2.0.2:
es6-iterator "^2.0.1"
es6-symbol "^3.1.1"
-escape-html@~1.0.3:
+escape-html@^1.0.3, escape-html@~1.0.3:
version "1.0.3"
resolved "https://registry.yarnpkg.com/escape-html/-/escape-html-1.0.3.tgz#0258eae4d3d0c0974de1c169188ef0051d1d1988"
integrity sha1-Aljq5NPQwJdN4cFpGI7wBR0dGYg=
@@ -3531,11 +3531,6 @@ espree@^5.0.1:
acorn-jsx "^5.0.0"
eslint-visitor-keys "^1.0.0"
-esprima@^2.6.0:
- version "2.7.3"
- resolved "https://registry.yarnpkg.com/esprima/-/esprima-2.7.3.tgz#96e3b70d5779f6ad49cd032673d1c312767ba581"
- integrity sha1-luO3DVd59q1JzQMmc9HDEnZ7pYE=
-
esprima@^3.1.3:
version "3.1.3"
resolved "https://registry.yarnpkg.com/esprima/-/esprima-3.1.3.tgz#fdca51cee6133895e3c88d535ce49dbff62a4633"
@@ -5623,7 +5618,7 @@ js-url@^2.3.0:
grunt-contrib-qunit ""
grunt-contrib-uglify ""
-js-yaml@^3.13.0, js-yaml@^3.13.1:
+js-yaml@^3.13.0, js-yaml@^3.13.1, js-yaml@~3.13.1:
version "3.13.1"
resolved "https://registry.yarnpkg.com/js-yaml/-/js-yaml-3.13.1.tgz#aff151b30bfdfa8e49e05da22e7415e9dfa37847"
integrity sha512-YfbcO7jXDdyj0DGxYVSlSeQNHbD7XPWvrVWeVUujrQEoZzWJIRrCPoyk6kL6IAjAG2IolMK4T0hNUe0HOUs5Jw==
@@ -5631,14 +5626,6 @@ js-yaml@^3.13.0, js-yaml@^3.13.1:
argparse "^1.0.7"
esprima "^4.0.0"
-js-yaml@~3.5.5:
- version "3.5.5"
- resolved "https://registry.yarnpkg.com/js-yaml/-/js-yaml-3.5.5.tgz#0377c38017cabc7322b0d1fbcd25a491641f2fbe"
- integrity sha1-A3fDgBfKvHMisNH7zSWkkWQfL74=
- dependencies:
- argparse "^1.0.2"
- esprima "^2.6.0"
-
jsbn@~0.1.0:
version "0.1.1"
resolved "https://registry.yarnpkg.com/jsbn/-/jsbn-0.1.1.tgz#a5e654c2e5a2deb5f201d96cefbca80c0ef2f513"
@@ -6421,10 +6408,10 @@ markdown-pdf@^9.0.0:
through2 "^2.0.0"
tmp "0.0.33"
-marked@~0.3.6:
- version "0.3.19"
- resolved "https://registry.yarnpkg.com/marked/-/marked-0.3.19.tgz#5d47f709c4c9fc3c216b6d46127280f40b39d790"
- integrity sha512-ea2eGWOqNxPcXv8dyERdSr/6FmzvWwzjMxpfGB/sbMccXoct+xY+YukPD+QTUZwyvK7BZwcr4m21WBOW41pAkg==
+marked@~0.6.2:
+ version "0.6.2"
+ resolved "https://registry.yarnpkg.com/marked/-/marked-0.6.2.tgz#c574be8b545a8b48641456ca1dbe0e37b6dccc1a"
+ integrity sha512-LqxwVH3P/rqKX4EKGz7+c2G9r98WeM/SW34ybhgNGhUQNKtf1GmmSkJ6cDGJ/t6tiyae49qRkpyTw2B9HOrgUA==
math-interval-parser@^1.1.0:
version "1.1.0"
@@ -6558,13 +6545,12 @@ messageformat@^0.3.1:
nopt "~3.0.6"
watchr "~2.4.13"
-meta-marked@^0.4.2:
- version "0.4.2"
- resolved "https://registry.yarnpkg.com/meta-marked/-/meta-marked-0.4.2.tgz#4a1fae344f53d7040aacabb723e2f432a37455f8"
- integrity sha1-Sh+uNE9T1wQKrKu3I+L0MqN0Vfg=
+"meta-marked@git+https://github.com/codimd/meta-marked#semver:^0.4.2":
+ version "0.4.4"
+ resolved "git+https://github.com/codimd/meta-marked#04fd9775b38566e41b71e3e63bd78717d3eb4445"
dependencies:
- js-yaml "~3.5.5"
- marked "~0.3.6"
+ js-yaml "~3.13.1"
+ marked "~0.6.2"
method-override@^2.3.7:
version "2.3.10"