status-im
/
codimd
mirror of https://github.com/status-im/codimd.git
2
0
Fork 0
Code Issues Projects Releases Wiki Activity

Merge pull request #1650 from hackmdio/bugfix/fix-reveal-markdown-stored-xss 

Fix slide mode stored XSS
This commit is contained in:
Yukai Huang 2021-01-25 16:50:23 +08:00 committed by GitHub
parent 5b4c7ef4bb c47f0f0c71
commit 452f9ac124
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 3 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
public/js/reveal-markdown.js
View File

@ -103,7 +103,7 @@ import { md } from './extra'
// prevent script end tags in the content from interfering // prevent script end tags in the content from interfering
// with parsing // with parsing
content = content.replace(/<\/script>/g, SCRIPT_END_PLACEHOLDER) content = content.replace(/<\/script>/gi, SCRIPT_END_PLACEHOLDER)
return '<script type="text/template">' + content + '</script>' return '<script type="text/template">' + content + '</script>'
} }

2
public/js/slide.js
View File

@ -80,6 +80,8 @@ const defaultOptions = {
} }
var options = meta.slideOptions || {} var options = meta.slideOptions || {}
// delete dependencies to avoid import user defined external resources
delete options.dependencies
if (Object.hasOwnProperty.call(options, 'spotlight')) { if (Object.hasOwnProperty.call(options, 'spotlight')) {
defaultOptions.dependencies.push({ defaultOptions.dependencies.push({