Fixed prevent XSS might break lots of tags and only need after rendered

2016-02-11 03:45:13 -06:00
parent 176021ccd8
commit 4c4a0e0f3f
10 changed files with 442 additions and 20 deletions
--- a/public/js/pretty.js
+++ b/public/js/pretty.js
@@ -3,7 +3,9 @@ var text = $('<textarea/>').html(markdown.html()).text();
 md.meta = {};
 md.render(text); //only for get meta
 parseMeta(md, markdown, $('#toc'), $('#toc-affix'));
-var result = postProcess(md.render(text));
+var rendered = md.render(text);
+rendered = preventXSS(rendered);
+var result = postProcess(rendered);
 markdown.html(result.html());
 $(document.body).show();
 finishView(markdown);