sa6anw/hedgedoc-hedgeagent
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Fix possible XSS in yaml-metadata and turn using ejs escape syntax than external lib [Security Issue]

Browse Source
This commit is contained in:
Wu Cheng-Han
2016-11-26 22:55:31 +08:00
parent b43e63dd21
commit 9d4ede4cff
8 changed files with 15 additions and 24 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
public/js/pretty.js
View File

@@ -4,9 +4,6 @@ require('../css/site.css');
require('highlight.js/styles/github-gist.css');
/* other vendors plugin */
var S = require('string');
var extra = require('./extra');
var md = extra.md;
var finishView = extra.finishView;
@@ -22,7 +19,7 @@ var scrollToHash = extra.scrollToHash;
var preventXSS = require('./render').preventXSS;
var markdown = $("#doc.markdown-body");
var text = S(markdown.html()).unescapeHTML().s;
var text = markdown.text();
var lastMeta = md.meta;
md.meta = {};
var rendered = md.render(text);