mirror of https://github.com/status-im/codimd.git
fix(security): potential JSONP callback overwritten
Signed-off-by: Max Wu <jackymaxj@gmail.com>
This commit is contained in:
parent
3038f5cfd1
commit
79e6d3d724
|
@ -1111,7 +1111,7 @@ const vimeoPlugin = new Plugin(
|
||||||
/{%vimeo\s*([\d\D]*?)\s*%}/,
|
/{%vimeo\s*([\d\D]*?)\s*%}/,
|
||||||
|
|
||||||
(match, utils) => {
|
(match, utils) => {
|
||||||
const videoid = match[1]
|
const videoid = match[1].split(/[?&=]+/)[0]
|
||||||
if (!videoid) return
|
if (!videoid) return
|
||||||
const div = $('<div class="vimeo raw"></div>')
|
const div = $('<div class="vimeo raw"></div>')
|
||||||
div.attr('data-videoid', videoid)
|
div.attr('data-videoid', videoid)
|
||||||
|
@ -1126,7 +1126,7 @@ const gistPlugin = new Plugin(
|
||||||
/{%gist\s*([\d\D]*?)\s*%}/,
|
/{%gist\s*([\d\D]*?)\s*%}/,
|
||||||
|
|
||||||
(match, utils) => {
|
(match, utils) => {
|
||||||
const gistid = match[1]
|
const gistid = match[1].split(/[?&=]+/)[0]
|
||||||
const code = `<code data-gist-id="${gistid}"></code>`
|
const code = `<code data-gist-id="${gistid}"></code>`
|
||||||
return code
|
return code
|
||||||
}
|
}
|
||||||
|
@ -1144,7 +1144,7 @@ const slidesharePlugin = new Plugin(
|
||||||
/{%slideshare\s*([\d\D]*?)\s*%}/,
|
/{%slideshare\s*([\d\D]*?)\s*%}/,
|
||||||
|
|
||||||
(match, utils) => {
|
(match, utils) => {
|
||||||
const slideshareid = match[1]
|
const slideshareid = match[1].split(/[?&=]+/)[0]
|
||||||
const div = $('<div class="slideshare raw"></div>')
|
const div = $('<div class="slideshare raw"></div>')
|
||||||
div.attr('data-slideshareid', slideshareid)
|
div.attr('data-slideshareid', slideshareid)
|
||||||
return div[0].outerHTML
|
return div[0].outerHTML
|
||||||
|
|
Loading…
Reference in New Issue