Remove the xss library from webpack

We can load the xss functions directly from the library instead of loading them through the expose loader of webpack, this should simplify the setup and maybe even improve speed a bit. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2025-01-11 16:34:33 +00:00 · 2018-11-10 20:24:41 +01:00 · 2018-11-10 20:24:41 +01:00 · c59b94a37b
commit c59b94a37b
parent 4e5e7df4f8
3 changed files with 7 additions and 10 deletions
--- a/public/js/render.js
+++ b/public/js/render.js
@ -1,6 +1,8 @@
 /* eslint-env browser, jquery */
-/* global filterXSS */
 // allow some attributes
+
+var filterXSS = require('xss')
+
 var whiteListAttr = ['id', 'class', 'style']
 window.whiteListAttr = whiteListAttr
 // allow link starts with '.', '/' and custom protocol with '://', exclude link starts with javascript://
@ -71,5 +73,6 @@ function preventXSS (html) {
 window.preventXSS = preventXSS

 module.exports = {
-  preventXSS: preventXSS
+  preventXSS: preventXSS,
+  escapeAttrValue: filterXSS.escapeAttrValue
 }
--- a/public/js/reveal-markdown.js
+++ b/public/js/reveal-markdown.js
@ -1,6 +1,6 @@
 /* eslint-env browser, jquery */

-import { preventXSS } from './render'
+import { preventXSS, escapeAttrValue } from './render'
 import { md } from './extra'

 /**
@ -259,7 +259,7 @@ import { md } from './extra'
      while ((matchesClass = mardownClassRegex.exec(classes))) {
        var name = matchesClass[1]
        var value = matchesClass[2]
-        if (name.substr(0, 5) === 'data-' || window.whiteListAttr.indexOf(name) !== -1) { elementTarget.setAttribute(name, window.filterXSS.escapeAttrValue(value)) }
+        if (name.substr(0, 5) === 'data-' || window.whiteListAttr.indexOf(name) !== -1) { elementTarget.setAttribute(name, escapeAttrValue(value)) }
      }
      return true
    }
--- a/webpack.common.js
+++ b/webpack.common.js
@ -202,7 +202,6 @@ module.exports = {
      'babel-polyfill',
      'script-loader!jquery-ui-resizable',
      'script-loader!js-url',
-      'expose-loader?filterXSS!xss',
      'script-loader!Idle.Js',
      'expose-loader?LZString!lz-string',
      'script-loader!codemirror',
@ -253,7 +252,6 @@ module.exports = {
      'script-loader!handlebars',
      'expose-loader?hljs!highlight.js',
      'expose-loader?emojify!emojify.js',
-      'expose-loader?filterXSS!xss',
      'script-loader!Idle.Js',
      'script-loader!gist-embed',
      'expose-loader?LZString!lz-string',
@ -273,7 +271,6 @@ module.exports = {
    ],
    pretty: [
      'babel-polyfill',
-      'expose-loader?filterXSS!xss',
      'flowchart.js',
      'js-sequence-diagrams',
      'expose-loader?RevealMarkdown!reveal-markdown',
@ -298,7 +295,6 @@ module.exports = {
      'script-loader!handlebars',
      'expose-loader?hljs!highlight.js',
      'expose-loader?emojify!emojify.js',
-      'expose-loader?filterXSS!xss',
      'script-loader!gist-embed',
      'flowchart.js',
      'js-sequence-diagrams',
@ -310,7 +306,6 @@ module.exports = {
    slide: [
      'babel-polyfill',
      'bootstrap-tooltip',
-      'expose-loader?filterXSS!xss',
      'flowchart.js',
      'js-sequence-diagrams',
      'expose-loader?RevealMarkdown!reveal-markdown',
@ -338,7 +333,6 @@ module.exports = {
      'script-loader!handlebars',
      'expose-loader?hljs!highlight.js',
      'expose-loader?emojify!emojify.js',
-      'expose-loader?filterXSS!xss',
      'script-loader!gist-embed',
      'flowchart.js',
      'js-sequence-diagrams',