-rw-r--r--lib/web/auth/google/index.js6
-rw-r--r--public/js/lib/editor/index.js2
-rw-r--r--public/js/render.js2
-rw-r--r--public/js/slide.js5
4 files changed, 10 insertions, 5 deletions
diff --git a/lib/web/auth/google/index.js b/lib/web/auth/google/index.js
index bf2a260f..609c69cf 100644
--- a/lib/web/auth/google/index.js
+++ b/lib/web/auth/google/index.js
@@ -6,7 +6,7 @@ var GoogleStrategy = require('passport-google-oauth20').Strategy
const config = require('../../../config')
const {setReturnToFromReferer, passportGeneralCallback} = require('../utils')
-let facebookAuth = module.exports = Router()
+let googleAuth = module.exports = Router()
passport.use(new GoogleStrategy({
clientID: config.google.clientID,
@@ -14,12 +14,12 @@ passport.use(new GoogleStrategy({
callbackURL: config.serverurl + '/auth/google/callback'
}, passportGeneralCallback))
-facebookAuth.get('/auth/google', function (req, res, next) {
+googleAuth.get('/auth/google', function (req, res, next) {
setReturnToFromReferer(req)
passport.authenticate('google', { scope: ['profile'] })(req, res, next)
})
// google auth callback
-facebookAuth.get('/auth/google/callback',
+googleAuth.get('/auth/google/callback',
passport.authenticate('google', {
successReturnToOrRedirect: config.serverurl + '/',
failureRedirect: config.serverurl + '/'
diff --git a/public/js/lib/editor/index.js b/public/js/lib/editor/index.js
index 2991998b..33c1e0d4 100644
--- a/public/js/lib/editor/index.js
+++ b/public/js/lib/editor/index.js
@@ -74,6 +74,8 @@ export default class Editor {
},
'Cmd-Left': 'goLineLeftSmart',
'Cmd-Right': 'goLineRight',
+ 'Home': 'goLineLeftSmart',
+ 'End': 'goLineRight',
'Ctrl-C': function (cm) {
if (!isMac && cm.getOption('keyMap').substr(0, 3) === 'vim') {
document.execCommand('copy')
diff --git a/public/js/render.js b/public/js/render.js
index 88a05bde..e2574b5f 100644
--- a/public/js/render.js
+++ b/public/js/render.js
@@ -27,7 +27,7 @@ var filterXSSOptions = {
whiteList: whiteList,
escapeHtml: function (html) {
// allow html comment in multiple lines
- return html.replace(/<(.*?)>/g, '&lt;$1&gt;')
+ return html.replace(/<(?!!--)/g, '&lt;').replace(/-->/g, '__HTML_COMMENT_END__').replace(/>/g, '&gt;').replace(/__HTML_COMMENT_END__/g, '-->')
},
onIgnoreTag: function (tag, html, options) {
// allow comment tag
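Review bot: The new `escapeHtml` line uses the plain string `__HTML_COMMENT_END__` as a placeholder, so input that already contains that text comes out as a raw `-->`, leaving an unescaped `>` in output the function is supposed to escape. A single pass needs no placeholder: `return html.replace(/<!--|-->|[<>]/g, function (m) { return m === '<' ? '&lt;' : m === '>' ? '&gt;' : m })`. Both versions also let `<!--` and `-->` through independently of each other, so an opener with no matching close reaches the output unescaped; whether `onIgnoreTag` handles that cannot be seen here, since its body continues outside the hunk. A short comment stating that only the comment delimiters are exempt from escaping would help the next reader.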
diff --git a/public/js/slide.js b/public/js/slide.js
index 293ebfe2..b88ac022 100644
--- a/public/js/slide.js
+++ b/public/js/slide.js
@@ -4,9 +4,10 @@
require('../css/extra.css')
require('../css/site.css')
+import { preventXSS } from './render'
import { md, updateLastChange, removeDOMEvents, finishView } from './extra'
-const body = $('.slides').text()
+const body = preventXSS($('.slides').text())
window.createtime = window.lastchangeui.time.attr('data-createtime')
window.lastchangetime = window.lastchangeui.time.attr('data-updatetime')
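Review bot: `preventXSS` on the `const body` line filters the markdown source text, so HTML produced afterwards by the markdown conversion is, as far as this diff shows, not filtered again before it is displayed. The conversion itself happens outside this hunk (`slidify` and `RevealMarkdown.initialize()` appear in the next hunk), so this is inferred rather than confirmed. It is worth checking that the rendered slide output also goes through a filter, and documenting the scope of this one with a comment such as `// sanitises the markdown source only; rendered HTML is not re-filtered here`.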
@@ -54,6 +55,8 @@ const slideOptions = {
const slides = RevealMarkdown.slidify(body, slideOptions)
$('.slides').html(slides)
RevealMarkdown.initialize()
+// fix < and > were doubly escaped
+$('.slides')[0].innerHTML = $('.slides')[0].innerHTML.replace(/&amp;lt;/g, '&lt;').replace(/&amp;gt;/g, '&gt;')
removeDOMEvents($('.slides'))
$('.slides').show()
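Review bot: The added `innerHTML` rewrite after `RevealMarkdown.initialize()` re-parses the whole `.slides` subtree and replaces every `&amp;lt;`/`&amp;gt;`, including ones an author typed deliberately to display the entity text, for example in a code sample. It also reverses part of the escaping applied earlier by `preventXSS`, so the result stays safe only because both replacements produce entities and never a raw `<` or `>`; that holds for the two patterns here but should be stated. I would add a comment on that line, e.g. `// only maps &amp;lt;/&amp;gt; back to &lt;/&gt;; must never emit a raw < or >`. If `initialize()` attaches listeners or state to slide elements, confirm they are not needed after the reassignment, since the nodes are recreated.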