-rw-r--r-- | lib/web/auth/google/index.js | 6 | ||||
-rw-r--r-- | public/js/lib/editor/index.js | 2 | ||||
-rw-r--r-- | public/js/render.js | 2 | ||||
-rw-r--r-- | public/js/slide.js | 5 |
4 files changed, 10 insertions, 5 deletions
diff --git a/lib/web/auth/google/index.js b/lib/web/auth/google/index.js index bf2a260f..609c69cf 100644 --- a/lib/web/auth/google/index.js +++ b/lib/web/auth/google/index.js @@ -6,7 +6,7 @@ var GoogleStrategy = require('passport-google-oauth20').Strategy const config = require('../../../config') const {setReturnToFromReferer, passportGeneralCallback} = require('../utils') -let facebookAuth = module.exports = Router() +let googleAuth = module.exports = Router() passport.use(new GoogleStrategy({ clientID: config.google.clientID, @@ -14,12 +14,12 @@ passport.use(new GoogleStrategy({ callbackURL: config.serverurl + '/auth/google/callback' }, passportGeneralCallback)) -facebookAuth.get('/auth/google', function (req, res, next) { +googleAuth.get('/auth/google', function (req, res, next) { setReturnToFromReferer(req) passport.authenticate('google', { scope: ['profile'] })(req, res, next) }) // google auth callback -facebookAuth.get('/auth/google/callback', +googleAuth.get('/auth/google/callback', passport.authenticate('google', { successReturnToOrRedirect: config.serverurl + '/', failureRedirect: config.serverurl + '/' diff --git a/public/js/lib/editor/index.js b/public/js/lib/editor/index.js index 2991998b..33c1e0d4 100644 --- a/public/js/lib/editor/index.js +++ b/public/js/lib/editor/index.js @@ -74,6 +74,8 @@ export default class Editor { }, 'Cmd-Left': 'goLineLeftSmart', 'Cmd-Right': 'goLineRight', + 'Home': 'goLineLeftSmart', + 'End': 'goLineRight', 'Ctrl-C': function (cm) { if (!isMac && cm.getOption('keyMap').substr(0, 3) === 'vim') { document.execCommand('copy') diff --git a/public/js/render.js b/public/js/render.js index 88a05bde..e2574b5f 100644 --- a/public/js/render.js +++ b/public/js/render.js 
@@ -27,7 +27,7 @@ var filterXSSOptions = { whiteList: whiteList, escapeHtml: function (html) { // allow html comment in multiple lines - return html.replace(/<(.*?)>/g, '<$1>') + return html.replace(/<(?!!--)/g, '<').replace(/-->/g, '__HTML_COMMENT_END__').replace(/>/g, '>').replace(/__HTML_COMMENT_END__/g, '-->') }, onIgnoreTag: function (tag, html, options) { // allow comment tag diff --git a/public/js/slide.js b/public/js/slide.js index 293ebfe2..b88ac022 100644 --- a/public/js/slide.js +++ b/public/js/slide.js @@ -4,9 +4,10 @@ require('../css/extra.css') require('../css/site.css') +import { preventXSS } from './render' import { md, updateLastChange, removeDOMEvents, finishView } from './extra' -const body = $('.slides').text() +const body = preventXSS($('.slides').text()) window.createtime = window.lastchangeui.time.attr('data-createtime') window.lastchangetime = window.lastchangeui.time.attr('data-updatetime') @@ -54,6 +55,8 @@ const slideOptions = { const slides = RevealMarkdown.slidify(body, slideOptions) $('.slides').html(slides) RevealMarkdown.initialize() +// fix < and > were doubly escaped +$('.slides')[0].innerHTML = $('.slides')[0].innerHTML.replace(/&lt;/g, '<').replace(/&gt;/g, '>') removeDOMEvents($('.slides')) $('.slides').show() |
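Review bot: The `__HTML_COMMENT_END__` placeholder in the new `escapeHtml` chain is an in-band sentinel, so note text that already contains that literal string is rewritten to `-->` by the last `replace`, which alters the user's content and emits a `>` that never went through escaping. A single pass needs no sentinel: `return html.replace(/<!--|-->|[<>]/g, function (m) { return m === '<' ? '&lt;' : m === '>' ? '&gt;' : m })`. The replacement strings look entity-decoded on this page (`'<'`, `'>'`), so I am assuming the real code writes `&lt;` and `&gt;`. A short comment on why a `<!--` with no matching `-->` is still passed through raw would also help, since an unterminated comment opener hides whatever markup follows it. `filterXSSOptions` starts and ends outside the hunk.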
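Review bot: The `innerHTML` rewrite added after `RevealMarkdown.initialize()` in the second slide.js hunk turns every `&lt;`/`&gt;` in the rendered slides back into `<`/`>` and has the browser reparse the result, so text that was deliberately escaped (a tag the sanitizer rejected, a code sample showing markup) becomes live markup again. That undoes the `preventXSS($('.slides').text())` call added in the first hunk of the same file, because the unescape runs after sanitization and applies to the whole `.slides` subtree rather than to the doubly escaped spans only. I would remove the `$('.slides')[0].innerHTML = …replace(/&lt;/g, '<').replace(/&gt;/g, '>')` line and fix the double escaping where it originates, presumably by sanitizing once at the point the slide markdown is converted to HTML instead of on the raw source; that needs confirming against how `RevealMarkdown.slidify` treats `body`. If an unescape has to stay for now, it should at least carry a comment naming the exact elements it is safe for and be followed by a second sanitization pass.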