status-im/codimd
2
0
Fork 0
mirror of https://github.com/status-im/codimd.git synced 2025-01-14 19:34:08 +00:00
Code Issues Projects Releases Wiki Activity

Fix unclosed tags might cause XSS [Security Issue]

Browse Source
This commit is contained in:
Wu Cheng-Han 2017-09-27 18:20:04 +08:00
parent d1d6d5810b
commit 9b00afb863
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
public/js/render.js
View File

@ -27,7 +27,7 @@ var filterXSSOptions = {
whiteList: whiteList,
escapeHtml: function (html) {
// allow html comment in multiple lines
return html.replace(/<(.*?)>/g, '&lt;$1&gt;')
return html.replace(/<(?!!--)/g, '&lt;').replace(/-->/g, '__HTML_COMMENT_END__').replace(/>/g, '&gt;').replace(/__HTML_COMMENT_END__/g, '-->')
},
onIgnoreTag: function (tag, html, options) {
// allow comment tag