Merge pull request #1046 from SISheogorath/feature/optimizeXSS

Remove the xss library from webpack
2018-11-11 19:01:44 +01:00
parent a1211abd32 c59b94a37b
commit 2a8b56e14b
3 changed files with 7 additions and 10 deletions
--- a/public/js/render.js
+++ b/public/js/render.js
@@ -1,6 +1,8 @@
 /* eslint-env browser, jquery */
-/* global filterXSS */
 // allow some attributes
+
+var filterXSS = require('xss')
+
 var whiteListAttr = ['id', 'class', 'style']
 window.whiteListAttr = whiteListAttr
 // allow link starts with '.', '/' and custom protocol with '://', exclude link starts with javascript://
@@ -71,5 +73,6 @@ function preventXSS (html) {
 window.preventXSS = preventXSS

 module.exports = {
-  preventXSS: preventXSS
+  preventXSS: preventXSS,
+  escapeAttrValue: filterXSS.escapeAttrValue
 }
--- a/public/js/reveal-markdown.js
+++ b/public/js/reveal-markdown.js
@@ -1,6 +1,6 @@
 /* eslint-env browser, jquery */

-import { preventXSS } from './render'
+import { preventXSS, escapeAttrValue } from './render'
 import { md } from './extra'

 /**
@@ -259,7 +259,7 @@ import { md } from './extra'
      while ((matchesClass = mardownClassRegex.exec(classes))) {
        var name = matchesClass[1]
        var value = matchesClass[2]
-        if (name.substr(0, 5) === 'data-' || window.whiteListAttr.indexOf(name) !== -1) { elementTarget.setAttribute(name, window.filterXSS.escapeAttrValue(value)) }
+        if (name.substr(0, 5) === 'data-' || window.whiteListAttr.indexOf(name) !== -1) { elementTarget.setAttribute(name, escapeAttrValue(value)) }
      }
      return true
    }