mirror of https://github.com/status-im/codimd.git
Merge pull request #1112 from hackmdio/fix-XSS-issues
Fix some XSS issues
This commit is contained in:
commit
dba9575c94
|
@ -45,7 +45,7 @@ var filterXSSOptions = {
|
||||||
// allow comment tag
|
// allow comment tag
|
||||||
if (tag === '!--') {
|
if (tag === '!--') {
|
||||||
// do not filter its attributes
|
// do not filter its attributes
|
||||||
return html
|
return html.replace(/<(?!!--)/g, '<').replace(/-->/g, '__HTML_COMMENT_END__').replace(/>/g, '>').replace(/__HTML_COMMENT_END__/g, '-->')
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
onTagAttr: function (tag, name, value, isWhiteAttr) {
|
onTagAttr: function (tag, name, value, isWhiteAttr) {
|
||||||
|
|
|
@ -5,7 +5,7 @@ var disqus_config = function () {
|
||||||
};
|
};
|
||||||
(function() {
|
(function() {
|
||||||
var d = document, s = d.createElement('script');
|
var d = document, s = d.createElement('script');
|
||||||
s.src = 'https://<%= disqus %>.disqus.com/embed.js';
|
s.src = 'https://<%= disqus.replace(/[^A-Za-z0-9]+/g, '') %>.disqus.com/embed.js';
|
||||||
s.setAttribute('data-timestamp', +new Date());
|
s.setAttribute('data-timestamp', +new Date());
|
||||||
(d.head || d.body).appendChild(s);
|
(d.head || d.body).appendChild(s);
|
||||||
})();
|
})();
|
||||||
|
|
Loading…
Reference in New Issue