Merge pull request #1112 from hackmdio/fix-XSS-issues

Fix some XSS issues
Christoph (Sheogorath) Kern 2018-12-29 21:52:03 +01:00 committed by GitHub
commit dba9575c94
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 2 additions and 2 deletions


@ -45,7 +45,7 @@ var filterXSSOptions = {
// allow comment tag
if (tag === '!--') {
// do not filter its attributes
return html
return html.replace(/<(?!!--)/g, '&lt;').replace(/-->/g, '__HTML_COMMENT_END__').replace(/>/g, '&gt;').replace(/__HTML_COMMENT_END__/g, '-->')
}
},
onTagAttr: function (tag, name, value, isWhiteAttr) {
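Review bot: The comment branch round-trips `-->` through the fixed placeholder `__HTML_COMMENT_END__`, so user text that already contains that literal string is rewritten to `-->` by the final replace, and the comment closes earlier than its author wrote it. Every other `<` and `>` is still escaped, so the effect looks limited to text spilling out of the comment, but a single pass removes the placeholder entirely: `return html.replace(/<(?!!--)|-->|>/g, function (m) { return m === '-->' ? m : (m === '<' ? '&lt;' : '&gt;') })`. A one-line comment such as `// escape every < and > except the <!-- opener and --> closer` would also make the intent of the chain readable. The enclosing handler starts above the hunk, so this assumes `html` is the raw text of the ignored tag.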


@ -5,7 +5,7 @@ var disqus_config = function () {
};
(function() {
var d = document, s = d.createElement('script');
s.src = 'https://<%= disqus %>.disqus.com/embed.js';
s.src = 'https://<%= disqus.replace(/[^A-Za-z0-9]+/g, '') %>.disqus.com/embed.js';
s.setAttribute('data-timestamp', +new Date());
(d.head || d.body).appendChild(s);
})();
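Review bot: The allow-list on the new `s.src` line also strips hyphens, which Disqus shortnames can contain as far as I know. A constructed value such as `my-site` would therefore silently load the embed for `mysite`, which may be a different forum. Keeping the hyphen in the class, `disqus.replace(/[^A-Za-z0-9-]+/g, '')`, still leaves no character that can end the quoted string or the host label. Rejecting a malformed shortname where the value is accepted would be more robust than rewriting it at render time; that code is not visible in this hunk.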