Diffstat (limited to 'public/js')
| -rw-r--r-- | public/js/extra.js | 11 | ||||
| -rw-r--r-- | public/js/lib/editor/index.js | 2 | ||||
| -rw-r--r-- | public/js/locale.js | 3 | ||||
| -rw-r--r-- | public/js/render.js | 2 | ||||
| -rwxr-xr-x | public/js/reveal-markdown.js | 2 | ||||
| -rw-r--r-- | public/js/slide.js | 3 | 
6 files changed, 19 insertions, 4 deletions
| diff --git a/public/js/extra.js b/public/js/extra.js
index bf388139..d36592d9 100644
--- a/public/js/extra.js
+++ b/public/js/extra.js
@@ -559,6 +559,15 @@ export function finishView (view) {
 // only static transform should be here
 export function postProcess (code) {
   const result = $(`<div>${code}</div>`)
+  // process style tags
+  result.find('style').each((key, value) => {
+    let html = $(value).html()
+    // unescape > symbel inside the style tags
+    html = html.replace(/>/g, '>')
+    // remove css @import to prevent XSS
+    html = html.replace(/@import url\(([^)]*)\);?/gi, '')
+    $(value).html(html)
+  })
   // link should open in new window or tab
   result.find('a:not([href^="#"]):not([target])').attr('target', '_blank')
   // update continue line numbers
@@ -1083,7 +1092,7 @@ const gistPlugin = new Plugin(
     (match, utils) => {
       const gistid = match[1]
-      const code = `<code data-gist-id="${gistid}"/>`
+      const code = `<code data-gist-id="${gistid}"></code>`
       return code
     }
 )
diff --git a/public/js/lib/editor/index.js b/public/js/lib/editor/index.js
index 2991998b..33c1e0d4 100644
--- a/public/js/lib/editor/index.js
+++ b/public/js/lib/editor/index.js
@@ -74,6 +74,8 @@ export default class Editor {
       },
       'Cmd-Left': 'goLineLeftSmart',
       'Cmd-Right': 'goLineRight',
+      'Home': 'goLineLeftSmart',
+      'End': 'goLineRight',
       'Ctrl-C': function (cm) {
         if (!isMac && cm.getOption('keyMap').substr(0, 3) === 'vim') {
           document.execCommand('copy')
diff --git a/public/js/locale.js b/public/js/locale.js
index 2a2c1814..71c0f99f 100644
--- a/public/js/locale.js
+++ b/public/js/locale.js
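Review bot: The `@import` stripping in the new style-tag loop only matches the `url(...)` form, so an `@import` written with a bare quoted string (`@import "x.css";`), which CSS also accepts, is left in place and the mitigation is incomplete. A pattern covering both spellings, such as `html = html.replace(/@import\s+(?:url\([^)]*\)|"[^"]*"|'[^']*')[^;]*;?/gi, '')`, closes that gap, and the comment above it should say why (`// strip every @import at-rule, url() and string forms alike`). The first `replace` as printed here maps `>` to itself, which is a no-op; presumably the source pattern is an HTML entity that the page rendering decoded, worth confirming against the repository. `postProcess` continues past the end of this hunk.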
@@ -11,6 +11,9 @@ $('.ui-locale option').each(function () {
 })
 if (Cookies.get('locale')) {
   lang = Cookies.get('locale')
+  if (lang === 'zh') {
+    lang = 'zh-TW'
+  }
 } else if (supportLangs.indexOf(userLang) !== -1) {
   lang = supportLangs[supportLangs.indexOf(userLang)]
 } else if (supportLangs.indexOf(userLangCode) !== -1) {
diff --git a/public/js/render.js b/public/js/render.js
index 88a05bde..e2574b5f 100644
--- a/public/js/render.js
+++ b/public/js/render.js
@@ -27,7 +27,7 @@ var filterXSSOptions = {
   whiteList: whiteList,
   escapeHtml: function (html) {
     // allow html comment in multiple lines
-    return html.replace(/<(.*?)>/g, '<$1>')
+    return html.replace(/<(?!!--)/g, '<').replace(/-->/g, '__HTML_COMMENT_END__').replace(/>/g, '>').replace(/__HTML_COMMENT_END__/g, '-->')
   },
   onIgnoreTag: function (tag, html, options) {
     // allow comment tag
diff --git a/public/js/reveal-markdown.js b/public/js/reveal-markdown.js
index 94f6fb91..d15b5ebd 100755
--- a/public/js/reveal-markdown.js
+++ b/public/js/reveal-markdown.js
@@ -320,7 +320,7 @@ import { md } from './extra'
         var notes = section.querySelector('aside.notes')
         var markdown = getMarkdownFromSlide(section)
-
+        markdown = markdown.replace(/</g, '<').replace(/>/g, '>')
         var rendered = md.render(markdown)
         rendered = preventXSS(rendered)
         var result = window.postProcess(rendered)
diff --git a/public/js/slide.js b/public/js/slide.js
index 293ebfe2..59a352ec 100644
--- a/public/js/slide.js
+++ b/public/js/slide.js
@@ -4,9 +4,10 @@
 require('../css/extra.css')
 require('../css/site.css')
+import { preventXSS } from './render'
 import { md, updateLastChange, removeDOMEvents, finishView } from './extra'
-const body = $('.slides').text()
+const body = preventXSS($('.slides').text())
 window.createtime = window.lastchangeui.time.attr('data-createtime')
 window.lastchangetime = window.lastchangeui.time.attr('data-updatetime') | 
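Review bot: The cookie branch still assigns `Cookies.get('locale')` to `lang` without checking it against `supportLangs`, while the two `else if` branches below only accept values found in that list; the new `zh` to `zh-TW` mapping keeps that asymmetry, so an unexpected cookie value passes through unvalidated. After the mapping, a membership check such as `if (supportLangs.indexOf(lang) === -1) { lang = <FALLBACK_LANG, the value the final else assigns> }` would make the cookie path as strict as the detected-language paths. How `lang` is consumed afterwards is not visible here, so the impact of an arbitrary value cannot be judged from this hunk. The `if`/`else if` chain continues past the end of the hunk.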
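Review bot: The new `escapeHtml` uses the literal string `__HTML_COMMENT_END__` as a stand-in for `-->`, so input that already contains that string is rewritten to `-->` by the last `replace` and the round trip is not faithful; a sanitizer helper should not depend on a token the input itself can contain. A single pass with a callback avoids the sentinel entirely: `return html.replace(/<!--|-->|[<>]/g, function (m) { return m === '<' ? '&lt;' : m === '>' ? '&gt;' : m })`, which leaves comment delimiters intact and escapes every other angle bracket in one step. As printed on this page both the old and new replacement strings read as plain `<`/`>`, which would be no-ops; presumably the source has the `&lt;`/`&gt;` entities and the page rendering decoded them, so confirm against the repository. The `filterXSSOptions` object begins before and ends after this hunk.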
