fix: properly escape reveal markdown script tag with case-insensitive regex [Security Issue]

Signed-off-by: Max Wu <jackymaxj@gmail.com>
2021-01-21 13:23:11 +08:00 · 2021-01-21 13:23:11 +08:00 · 9291a7670a
parent dd16949222
commit 9291a7670a
1 changed files with 1 additions and 1 deletions
--- a/public/js/reveal-markdown.js
+++ b/public/js/reveal-markdown.js
@ -103,7 +103,7 @@ import { md } from './extra'

    // prevent script end tags in the content from interfering
    // with parsing
-    content = content.replace(/<\/script>/g, SCRIPT_END_PLACEHOLDER)
+    content = content.replace(/<\/script>/gi, SCRIPT_END_PLACEHOLDER)

    return '<script type="text/template">' + content + '</script>'
  }