summaryrefslogtreecommitdiff
path: root/public/js
diff options
context:
space:
mode:
Diffstat (limited to 'public/js')
-rw-r--r--public/js/extra.js11
-rw-r--r--public/js/lib/editor/index.js2
-rw-r--r--public/js/locale.js3
-rw-r--r--public/js/render.js2
-rwxr-xr-xpublic/js/reveal-markdown.js2
-rw-r--r--public/js/slide.js3
6 files changed, 19 insertions, 4 deletions
diff --git a/public/js/extra.js b/public/js/extra.js
index bf388139..d36592d9 100644
--- a/public/js/extra.js
+++ b/public/js/extra.js
@@ -559,6 +559,15 @@ export function finishView (view) {
// only static transform should be here
export function postProcess (code) {
const result = $(`<div>${code}</div>`)
+ // process style tags
+ result.find('style').each((key, value) => {
+ let html = $(value).html()
+ // unescape > symbel inside the style tags
+ html = html.replace(/&gt;/g, '>')
+ // remove css @import to prevent XSS
+ html = html.replace(/@import url\(([^)]*)\);?/gi, '')
+ $(value).html(html)
+ })
// link should open in new window or tab
result.find('a:not([href^="#"]):not([target])').attr('target', '_blank')
// update continue line numbers
@@ -1083,7 +1092,7 @@ const gistPlugin = new Plugin(
(match, utils) => {
const gistid = match[1]
- const code = `<code data-gist-id="${gistid}"/>`
+ const code = `<code data-gist-id="${gistid}"></code>`
return code
}
)
diff --git a/public/js/lib/editor/index.js b/public/js/lib/editor/index.js
index 2991998b..33c1e0d4 100644
--- a/public/js/lib/editor/index.js
+++ b/public/js/lib/editor/index.js
@@ -74,6 +74,8 @@ export default class Editor {
},
'Cmd-Left': 'goLineLeftSmart',
'Cmd-Right': 'goLineRight',
+ 'Home': 'goLineLeftSmart',
+ 'End': 'goLineRight',
'Ctrl-C': function (cm) {
if (!isMac && cm.getOption('keyMap').substr(0, 3) === 'vim') {
document.execCommand('copy')
diff --git a/public/js/locale.js b/public/js/locale.js
index 2a2c1814..71c0f99f 100644
--- a/public/js/locale.js
+++ b/public/js/locale.js
@@ -11,6 +11,9 @@ $('.ui-locale option').each(function () {
})
if (Cookies.get('locale')) {
lang = Cookies.get('locale')
+ if (lang === 'zh') {
+ lang = 'zh-TW'
+ }
} else if (supportLangs.indexOf(userLang) !== -1) {
lang = supportLangs[supportLangs.indexOf(userLang)]
} else if (supportLangs.indexOf(userLangCode) !== -1) {
diff --git a/public/js/render.js b/public/js/render.js
index 88a05bde..e2574b5f 100644
--- a/public/js/render.js
+++ b/public/js/render.js
@@ -27,7 +27,7 @@ var filterXSSOptions = {
whiteList: whiteList,
escapeHtml: function (html) {
// allow html comment in multiple lines
- return html.replace(/<(.*?)>/g, '&lt;$1&gt;')
+ return html.replace(/<(?!!--)/g, '&lt;').replace(/-->/g, '__HTML_COMMENT_END__').replace(/>/g, '&gt;').replace(/__HTML_COMMENT_END__/g, '-->')
},
onIgnoreTag: function (tag, html, options) {
// allow comment tag
diff --git a/public/js/reveal-markdown.js b/public/js/reveal-markdown.js
index 94f6fb91..d15b5ebd 100755
--- a/public/js/reveal-markdown.js
+++ b/public/js/reveal-markdown.js
@@ -320,7 +320,7 @@ import { md } from './extra'
var notes = section.querySelector('aside.notes')
var markdown = getMarkdownFromSlide(section)
-
+ markdown = markdown.replace(/&lt;/g, '<').replace(/&gt;/g, '>')
var rendered = md.render(markdown)
rendered = preventXSS(rendered)
var result = window.postProcess(rendered)
diff --git a/public/js/slide.js b/public/js/slide.js
index 293ebfe2..59a352ec 100644
--- a/public/js/slide.js
+++ b/public/js/slide.js
@@ -4,9 +4,10 @@
require('../css/extra.css')
require('../css/site.css')
+import { preventXSS } from './render'
import { md, updateLastChange, removeDOMEvents, finishView } from './extra'
-const body = $('.slides').text()
+const body = preventXSS($('.slides').text())
window.createtime = window.lastchangeui.time.attr('data-createtime')
window.lastchangetime = window.lastchangeui.time.attr('data-updatetime')