diff options
Diffstat (limited to 'public/js/extra.js')
| -rw-r--r-- | public/js/extra.js | 11 |
1 files changed, 10 insertions, 1 deletions
diff --git a/public/js/extra.js b/public/js/extra.js index bf388139..d36592d9 100644 --- a/public/js/extra.js +++ b/public/js/extra.js @@ -559,6 +559,15 @@ export function finishView (view) { // only static transform should be here export function postProcess (code) { const result = $(`<div>${code}</div>`) + // process style tags + result.find('style').each((key, value) => { + let html = $(value).html() + // unescape > symbel inside the style tags + html = html.replace(/>/g, '>') + // remove css @import to prevent XSS + html = html.replace(/@import url\(([^)]*)\);?/gi, '') + $(value).html(html) + }) // link should open in new window or tab result.find('a:not([href^="#"]):not([target])').attr('target', '_blank') // update continue line numbers @@ -1083,7 +1092,7 @@ const gistPlugin = new Plugin( (match, utils) => { const gistid = match[1] - const code = `<code data-gist-id="${gistid}"/>` + const code = `<code data-gist-id="${gistid}"></code>` return code } ) |