From f86a9e0c4bbf852d2648430d5f7f3d837c40bd47 Mon Sep 17 00:00:00 2001
From: Wu Cheng-Han
Date: Sat, 26 Nov 2016 22:46:08 +0800
Subject: Fix slide might trigger script when processing markdown which cause XSS [Security Issue]
---
 lib/response.js | 12 +-----------
 1 file changed, 1 insertion(+), 11 deletions(-)
(limited to 'lib/response.js')
diff --git a/lib/response.js b/lib/response.js
index fa97f157..1a45d63a 100755
--- a/lib/response.js
+++ b/lib/response.js
@@ -16,15 +16,6 @@ var config = require("./config.js");
 var logger = require("./logger.js");
 var models = require("./models");
-//slides
-var md = require('reveal.js/plugin/markdown/markdown');
-
-//reveal.js
-var slideOptions = {
- separator: '^(\r\n?|\n)---(\r\n?|\n)$',
- verticalSeparator: '^(\r\n?|\n)----(\r\n?|\n)$'
-};
-
 //public
 var response = {
 errorForbidden: function (res) {
@@ -584,7 +575,6 @@ function showPublishSlide(req, res, next) {
 var text = S(body).escapeHTML().s;
 var title = models.Note.decodeTitle(note.title);
 title = models.Note.generateWebTitle(meta.title || title);
- var slides = md.slidify(text, slideOptions);
 var origin = config.serverurl;
 var data = {
 title: title,
@@ -593,7 +583,7 @@ function showPublishSlide(req, res, next) {
 createtime: createtime,
 updatetime: updatetime,
 url: origin,
- slides: slides,
+ body: text,
 meta: JSON.stringify(obj.meta || {}),
 useCDN: config.usecdn,
 owner: note.owner ? note.owner.id : null,
--
cgit v1.2.3
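Review bot: At `body: text` in the third hunk, the fix now depends on an invariant that nothing in showPublishSlide states: `text` is the output of `S(body).escapeHTML().s`, so the view must emit it exactly once as already-escaped content and must never route it back through a server-side markdown-to-HTML step such as the removed `md.slidify` call. A comment above the field, e.g. `// HTML-escaped note body; slides are rendered client-side, never slidify or unescape it on the server`, would keep a later change from reintroducing the XSS. The template that consumes `body` is not part of this patch view (it is limited to lib/response.js), so whether it outputs the value raw or escapes it a second time cannot be confirmed here. The neighbouring `meta: JSON.stringify(obj.meta || {})` deserves the same check, since JSON.stringify does not escape `<` and the metadata presumably comes from the note author. showPublishSlide starts and ends outside the hunk.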