summaryrefslogtreecommitdiff
path: root/public/js/render.js (follow)
Commit message (Collapse)AuthorAgeFilesLines
* Remove manual allow details tag since default already allow itMax Wu2018-02-261-3/+1
| | | | Signed-off-by: Max Wu <jackymaxj@gmail.com>
* Extend HTML5 support by whitelisting various tagsSheogorath2018-02-251-1/+11
| | | | | | | | | | | | HTML5 provides a wide feature set of useful elements. Since Markdown usually supports HTML it should be able to use these HTML5 tags as well. As they were requested by some users and they where checked for being safe, whitelisting them isn't a problem. To make the experience the same as on GitHub when it comes to the basic look and feel of the rendered markdown, some CSS was added to make the summary and the details tag look like on GitHub. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* Prevent XSS vul by srcdoc in iframeSheogorath2017-11-241-1/+1
|
* Fix unclosed tags might cause XSS [Security Issue]Wu Cheng-Han2017-09-271-1/+1
|
* Fix link regex should filter protocol with case insensitive flag [Security ↵Wu Cheng-Han2017-04-111-1/+1
| | | | Issue]
* Fix XSS vulnerability in link regex [Security Issue]Wu Cheng-Han2017-03-221-2/+2
|
* Fix render.js code stylesWu Cheng-Han2017-03-221-6/+6
|
* Use JavaScript Standard Style (part 2)BoHong Li2017-03-091-37/+39
| | | | Fixed all fail on frontend code.
* Update to allow li tag specify value numberWu Cheng-Han2017-02-171-0/+2
|
* Fix slide might able to add unsafe attribute on section tag which cause XSS ↵Wu Cheng-Han2016-11-261-0/+1
| | | | [Security Issue]
* Update to support summary tagWu Cheng-Han2016-10-291-0/+2
|
* More function expose workaround for reveal-markdown.jsYukai Huang2016-10-101-0/+1
|
* Resolve dependency module requiringYukai Huang2016-10-081-1/+5
| | | | | | | | * es5 style module exports * remove script tag require * webpack config ProvidePlugin Note that this commit only fix JavaScript module loading runtime error.
* Update to support data uri in src attribute of image tagWu Cheng-Han2016-08-151-0/+6
|
* Update XSS policy to allow iframe and link with custom protocolWu Cheng-Han2016-08-141-10/+19
|
* Update filter XSS to allow attr href starts with '.' or '/'Cheng-Han, Wu2016-04-201-0/+6
|
* Fix XSS HTML replace might get wrong on the HTML comments in the code tagsCheng-Han, Wu2016-04-201-0/+4
|
* Fixed filter XSS should allow ordered list specify start numberCheng-Han, Wu2016-03-041-0/+4
|
* Support kbd tagCheng-Han, Wu2016-02-221-1/+1
|
* Updated to support html comment tag in XSSCheng-Han, Wu2016-02-161-1/+2
|
* Updated XSS filter options to allow style tag and style attributeCheng-Han, Wu2016-02-111-11/+21
|
* Fixed prevent XSS might break lots of tags and only need after renderedCheng-Han, Wu2016-02-111-0/+13