Fix slide might able to add unsafe attribute on section tag which cause XSS [Security Issue]
This commit is contained in:
parent
f86a9e0c4b
commit
79d5b2c37f
@ -1,5 +1,6 @@
|
|||||||
// allow some attributes
|
// allow some attributes
|
||||||
var whiteListAttr = ['id', 'class', 'style'];
|
var whiteListAttr = ['id', 'class', 'style'];
|
||||||
|
window.whiteListAttr = whiteListAttr;
|
||||||
// allow link starts with '.', '/' and custom protocol with '://'
|
// allow link starts with '.', '/' and custom protocol with '://'
|
||||||
var linkRegex = /^([\w|-]+:\/\/)|^([\.|\/])+/;
|
var linkRegex = /^([\w|-]+:\/\/)|^([\.|\/])+/;
|
||||||
// allow data uri, from https://gist.github.com/bgrins/6194623
|
// allow data uri, from https://gist.github.com/bgrins/6194623
|
||||||
|
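--- a/public/js/reveal-markdown.js
+++ b/public/js/reveal-markdown.js
@@ -286,7 +286,10 @@
 nodeValue = nodeValue.substring( 0, matches.index ) + nodeValue.substring( mardownClassesInElementsRegex.lastIndex );
 node.nodeValue = nodeValue;
 while( matchesClass = mardownClassRegex.exec( classes ) ) {
-elementTarget.setAttribute( matchesClass[1], matchesClass[2] );
+var name = matchesClass[1];
+var value = matchesClass[2];
+if (name.substr(0, 5) === 'data-' || whiteListAttr.indexOf(name) !== -1)
+elementTarget.setAttribute( name, filterXSS.escapeAttrValue(value) );
 }
 return true;
 }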
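Review bot: The `filterXSS.escapeAttrValue(value)` wrapped around `setAttribute` on the new side does not add protection, because `setAttribute` stores the string verbatim without any HTML parsing; as far as I recall that helper entity-encodes quotes and angle brackets, so it only corrupts legitimate values such as a `style` containing `"` while the real control here is the attribute-name whitelist. That whitelist lets every `data-*` attribute through, and reveal.js reads several of them on a section (`data-background-iframe` in particular, if this bundled version supports it, which would let a note embed an arbitrary iframe), so I would replace the `data-` prefix test with an explicit list of the data attributes the slides actually need. `whiteListAttr` is a bare global declared in another file; if that script is not loaded first the `if` throws a ReferenceError and aborts the whole element walk rather than just skipping the attribute, so `(window.whiteListAttr || []).indexOf(name) !== -1` would fail closed without breaking rendering. The enclosing function starts before this hunk.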