Diffstat (limited to 'public/js')
-rw-r--r-- | public/js/extra.js | 14 | ||||
-rw-r--r-- | public/js/render.js | 7 | ||||
-rw-r--r-- | public/js/reveal-markdown.js | 4 |
3 files changed, 21 insertions, 4 deletions
diff --git a/public/js/extra.js b/public/js/extra.js
index dd264047..ed1470be 100644
--- a/public/js/extra.js
+++ b/public/js/extra.js
@@ -1145,6 +1145,19 @@ const pdfPlugin = new Plugin(
 }
 )
+const emojijsPlugin = new Plugin(
+ // regexp to match emoji shortcodes :something:
+ // We generate an universal regex that guaranteed only contains the
+ // emojies we have available. This should prevent all false-positives
+ new RegExp(':(' + window.emojify.emojiNames.map((item) => { return RegExp.escape(item) }).join('|') + '):', 'i'),
+
+ (match, utils) => {
+ const emoji = match[1].toLowerCase()
+ const div = $(`<img class="emoji" src="${serverurl}/build/emojify.js/dist/images/basic/${emoji}.png"></img>`)
+ return div[0].outerHTML
+ }
+)
+
 // yaml meta, from https://github.com/eugeneware/remarkable-meta
 function get (state, line) {
 const pos = state.bMarks[line]
@@ -1189,6 +1202,7 @@ function metaPlugin (md) {
 }
 md.use(metaPlugin)
+md.use(emojijsPlugin)
 md.use(youtubePlugin)
 md.use(vimeoPlugin)
 md.use(gistPlugin)
diff --git a/public/js/render.js b/public/js/render.js
index 23b8934e..ff5e2bf2 100644
--- a/public/js/render.js
+++ b/public/js/render.js
@@ -1,6 +1,8 @@
 /* eslint-env browser, jquery */
-/* global filterXSS */
 // allow some attributes
+
+var filterXSS = require('xss')
+
 var whiteListAttr = ['id', 'class', 'style']
 window.whiteListAttr = whiteListAttr
 // allow link starts with '.', '/' and custom protocol with '://', exclude link starts with javascript://
@@ -71,5 +73,6 @@ function preventXSS (html) {
 window.preventXSS = preventXSS
 module.exports = {
- preventXSS: preventXSS
+ preventXSS: preventXSS,
+ escapeAttrValue: filterXSS.escapeAttrValue
 }
diff --git a/public/js/reveal-markdown.js b/public/js/reveal-markdown.js
index d15b5ebd..ad5bfd04 100644
--- a/public/js/reveal-markdown.js
+++ b/public/js/reveal-markdown.js
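Review bot: The emoji `<img>` in `emojijsPlugin` is built by interpolating `serverurl` and `emoji` into an HTML string that jQuery then parses, so the `src` attribute stays well-formed only because of the allow-list regex built from `window.emojify.emojiNames`. `emoji` is constrained by that alternation, but `serverurl` is inserted unescaped and its origin is outside the hunk. I would set the attribute through the DOM instead, `const img = $('<img class="emoji">')` followed by `img.attr('src', serverurl + '/build/emojify.js/dist/images/basic/' + emoji + '.png')`, and add an `alt` carrying the shortcode so the text survives a failed image load. `RegExp.escape` is presumably provided elsewhere in the project; a short comment naming where it comes from would help, since a missing helper makes the `new RegExp(...)` call throw at module load.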
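Review bot: In render.js, `var filterXSS = require('xss')` makes the sanitizer a module-local binding and drops the `/* global filterXSS */` declaration, but the hunk does not show whether `window.filterXSS` is still provided to other scripts. Any remaining `window.filterXSS.*` caller would fail with a TypeError at runtime, so it is worth searching for them; the reveal-markdown.js change in this commit updates one such caller. The second render.js hunk re-exports `filterXSS.escapeAttrValue` without stating what it guarantees. A one-line comment such as `// escapes a value for use inside an HTML attribute; not a URL or CSS filter` would help callers choose the right helper, with the wording confirmed against the xss library's documentation.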
@@ -1,6 +1,6 @@
 /* eslint-env browser, jquery */
-import { preventXSS } from './render'
+import { preventXSS, escapeAttrValue } from './render'
 import { md } from './extra'
 /**
@@ -259,7 +259,7 @@ import { md } from './extra'
 while ((matchesClass = mardownClassRegex.exec(classes))) {
 var name = matchesClass[1]
 var value = matchesClass[2]
- if (name.substr(0, 5) === 'data-' || window.whiteListAttr.indexOf(name) !== -1) { elementTarget.setAttribute(name, window.filterXSS.escapeAttrValue(value)) }
+ if (name.substr(0, 5) === 'data-' || window.whiteListAttr.indexOf(name) !== -1) { elementTarget.setAttribute(name, escapeAttrValue(value)) }
 }
 return true
 }
|
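Review bot: `elementTarget.setAttribute(name, escapeAttrValue(value))` in the second hunk hands an HTML-escaped string to a DOM API that does not parse HTML, so any entities the helper produces are stored literally in the attribute. The escaping is therefore not what protects this line; the name allow-list (`data-*` plus `window.whiteListAttr`) is, and as far as the hunk shows `style` values receive no CSS filtering. I would add a comment saying so, e.g. `// only data-* and whiteListAttr names are copied; value escaping is not a CSS/URL sanitizer`, and confirm whether `style` should pass through a CSS filter before being set. The enclosing function starts and ends outside the hunk.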