From 4c4a0e0f3fe9b4e33f2182f3f8e20d87736b371d Mon Sep 17 00:00:00 2001
From: Cheng-Han, Wu
Date: Thu, 11 Feb 2016 03:45:13 -0600
Subject: Fixed prevent XSS might break lots of tags and only need after
 rendered

---
 lib/response.js | 3 ---
 1 file changed, 3 deletions(-)

(limited to 'lib/response.js')

diff --git a/lib/response.js b/lib/response.js
index c12c4caa..07cb5ba9 100644
--- a/lib/response.js
+++ b/lib/response.js
@@ -11,7 +11,6 @@ var shortId = require('shortid');
 var metaMarked = require('meta-marked');
 var querystring = require('querystring');
 var request = require('request');
-var xss = require('xss');
 
 //core
 var config = require("../config.js");
@@ -228,7 +227,6 @@ function showPublishNote(req, res, next) {
                         //na
                     }
                     var updatetime = notedata.update_time;
-                    body = xss(body); // prevent xss
                     var text = S(body).escapeHTML().s;
                     var title = notedata.title;
                     var decodedTitle = LZString.decompressFromBase64(title);
@@ -612,7 +610,6 @@ function showPublishSlide(req, res, next) {
                     var decodedTitle = LZString.decompressFromBase64(title);
                     if (decodedTitle) title = decodedTitle;
                     title = Note.generateWebTitle(title);
-                    body = xss(body); // prevent xss
                     var text = S(body).escapeHTML().s;
                     render(res, title, text);
                 });
-- 
cgit v1.2.3