Fix rendering might result XSS attribute on self closing tag [Security Issue]

2017-03-14 16:27:55 +08:00
parent edb1b4aa0a
commit f491cdabc1
4 changed files with 20 additions and 1 deletions
--- a/public/js/index.js
+++ b/public/js/index.js
@@ -42,6 +42,7 @@ import {
    deduplicatedHeaderId,
    exportToHTML,
    exportToRawHTML,
+    removeDOMEvents,
    finishView,
    generateToc,
    isValidURL,
@@ -3374,6 +3375,7 @@ function updateViewInner () {
    if (result && lastResult && result.length !== lastResult.length) { updateDataAttrs(result, ui.area.markdown.children().toArray()) }
    lastResult = $(result).clone()
  }
+  removeDOMEvents(ui.area.markdown)
  finishView(ui.area.markdown)
  autoLinkify(ui.area.markdown)
  deduplicatedHeaderId(ui.area.markdown)