From 6700f033ab2c2e6f5ab1293025d3485ecc37c321 Mon Sep 17 00:00:00 2001
From: Cheng-Han, Wu
Date: Thu, 11 Feb 2016 02:36:52 -0600
Subject: Prevent XSS in markdown rendering
---
public/js/index.js | 1 +
public/views/foot.ejs | 1 +
2 files changed, 2 insertions(+)
diff --git a/public/js/index.js b/public/js/index.js
index b4e33ae3..ad77e0d3 100644
--- a/public/js/index.js
+++ b/public/js/index.js
@@ -2131,6 +2131,7 @@ var lastResult = null;
function updateViewInner() {
if (currentMode == modeType.edit || !isDirty) return;
var value = editor.getValue();
+ value = filterXSS(value); // prevent xss
md.meta = {};
md.render(value); //only for get meta
parseMeta(md, ui.area.markdown, $('#toc'), $('#toc-affix'));
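Review bot: The added `value = filterXSS(value); // prevent xss` sanitizes the markdown source rather than the HTML the renderer produces, so the sanitizer and markdown-it can disagree about what is markup: anything the renderer turns into HTML from non-HTML syntax (link and image destinations, raw-HTML passthrough if `html: true` is set on `md`) is never seen by the filter, and any `<`/`>` the default escaping rewrites in plain text may break legitimate markdown that uses those characters, such as blockquotes and autolinks — worth confirming against the library's defaults. The more robust placement is to sanitize the rendered output, e.g. `var html = filterXSS(md.render(value));` at the point where the rendered HTML is written into `ui.area.markdown`, which lies outside this hunk, and to keep the filter's whitelist in one shared configuration so the server-side and client-side render paths apply the same policy. The comment should also say what the call is defending against and why it sits here, e.g. `// sanitize before any raw-HTML passthrough reaches the DOM; keep in sync with the server-side filter`. `filterXSS` is used as an undeclared global; it is presumably provided by the foot.ejs change in this commit, whose hunk is truncated in this view, so the script load order relative to index.js cannot be checked here. updateViewInner continues past the end of this hunk.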
diff --git a/public/views/foot.ejs b/public/views/foot.ejs
index b0006f7b..3a5ef145 100644
--- a/public/views/foot.ejs
+++ b/public/views/foot.ejs
@@ -29,6 +29,7 @@
+
--