Fix rendering might result XSS attribute on self closing tag [Security Issue]

2017-03-14 16:27:55 +08:00
parent edb1b4aa0a
commit f491cdabc1
4 changed files with 20 additions and 1 deletions
--- a/public/js/extra.js
+++ b/public/js/extra.js
@@ -551,6 +551,19 @@ export function postProcess (code) {
 }
 window.postProcess = postProcess

+var domevents = Object.getOwnPropertyNames(document).concat(Object.getOwnPropertyNames(Object.getPrototypeOf(Object.getPrototypeOf(document)))).concat(Object.getOwnPropertyNames(Object.getPrototypeOf(window))).filter(function (i) {
+  return !i.indexOf('on') && (document[i] === null || typeof document[i] === 'function')
+}).filter(function (elem, pos, self) {
+  return self.indexOf(elem) === pos
+})
+
+export function removeDOMEvents (view) {
+  for (var i = 0, l = domevents.length; i < l; i++) {
+    view.find('[' + domevents[i] + ']').removeAttr(domevents[i])
+  }
+}
+window.removeDOMEvents = removeDOMEvents
+
 function generateCleanHTML (view) {
  const src = view.clone()
  const eles = src.find('*')