fix(security): potential JSONP callback overwritten

Signed-off-by: Max Wu <jackymaxj@gmail.com>
Max Wu 2019-08-06 21:43:12 +08:00
parent 3038f5cfd1
commit 79e6d3d724
1 changed files with 3 additions and 3 deletions


@ -1111,7 +1111,7 @@ const vimeoPlugin = new Plugin(
/{%vimeo\s*([\d\D]*?)\s*%}/, /{%vimeo\s*([\d\D]*?)\s*%}/,
(match, utils) => { (match, utils) => {
const videoid = match[1] const videoid = match[1].split(/[?&=]+/)[0]
if (!videoid) return if (!videoid) return
const div = $('<div class="vimeo raw"></div>') const div = $('<div class="vimeo raw"></div>')
div.attr('data-videoid', videoid) div.attr('data-videoid', videoid)
@ -1126,7 +1126,7 @@ const gistPlugin = new Plugin(
/{%gist\s*([\d\D]*?)\s*%}/, /{%gist\s*([\d\D]*?)\s*%}/,
(match, utils) => { (match, utils) => {
const gistid = match[1] const gistid = match[1].split(/[?&=]+/)[0]
const code = `<code data-gist-id="${gistid}"></code>` const code = `<code data-gist-id="${gistid}"></code>`
return code return code
} }
@ -1144,7 +1144,7 @@ const slidesharePlugin = new Plugin(
/{%slideshare\s*([\d\D]*?)\s*%}/, /{%slideshare\s*([\d\D]*?)\s*%}/,
(match, utils) => { (match, utils) => {
const slideshareid = match[1] const slideshareid = match[1].split(/[?&=]+/)[0]
const div = $('<div class="slideshare raw"></div>') const div = $('<div class="slideshare raw"></div>')
div.attr('data-slideshareid', slideshareid) div.attr('data-slideshareid', slideshareid)
return div[0].outerHTML return div[0].outerHTML
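Review bot: In the gist section, `gistid` is still interpolated straight into markup by the template literal `<code data-gist-id="${gistid}"></code>`, and the new `split(/[?&=]+/)[0]` only cuts at `?`, `&` and `=`, so quotes and angle brackets from the tag body pass through unescaped unless a later sanitizer (not visible here) catches them. The vimeo and slideshare sections set the value through `div.attr(...)`, which escapes it on serialization; the gist plugin should do the same, e.g. `const code = $('<code></code>').attr('data-gist-id', gistid)[0].outerHTML`. Because the split is a denylist of three characters, an allowlist check on each provider's id format would be a more durable guard. The gist and slideshare callbacks also lack the empty-id early return that vimeo has (`if (!videoid) return`). The plugin definitions start and end outside the shown hunks.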