From 9d4ede4cffae47b9fd81ffbd0f2edff47c29e224 Mon Sep 17 00:00:00 2001 From: Wu Cheng-Han Date: Sat, 26 Nov 2016 22:55:31 +0800 Subject: Fix possible XSS in yaml-metadata and turn using ejs escape syntax than external lib [Security Issue] --- public/js/pretty.js | 5 +---- public/js/slide.js | 3 --- 2 files changed, 1 insertion(+), 7 deletions(-) (limited to 'public/js') diff --git a/public/js/pretty.js b/public/js/pretty.js index f43df90c..c1a471a1 100644 --- a/public/js/pretty.js +++ b/public/js/pretty.js @@ -4,9 +4,6 @@ require('../css/site.css'); require('highlight.js/styles/github-gist.css'); -/* other vendors plugin */ -var S = require('string'); - var extra = require('./extra'); var md = extra.md; var finishView = extra.finishView; @@ -22,7 +19,7 @@ var scrollToHash = extra.scrollToHash; var preventXSS = require('./render').preventXSS; var markdown = $("#doc.markdown-body"); -var text = S(markdown.html()).unescapeHTML().s; +var text = markdown.text(); var lastMeta = md.meta; md.meta = {}; var rendered = md.render(text); diff --git a/public/js/slide.js b/public/js/slide.js index a8411570..8d45219e 100644 --- a/public/js/slide.js +++ b/public/js/slide.js @@ -2,9 +2,6 @@ require('../css/extra.css'); require('../css/site.css'); require('../css/slide.css'); -/* other vendors plugin */ -var S = require('string'); - var extraModule = require('./extra'); var md = extraModule.md; var updateLastChange = extraModule.updateLastChange; -- cgit v1.2.3