status-im
/
codimd
mirror of https://github.com/status-im/codimd.git
2
0
Fork 0
Code Issues Projects Releases Wiki Activity

Merge pull request #1112 from hackmdio/fix-XSS-issues 

Fix some XSS issues
This commit is contained in:
Christoph (Sheogorath) Kern 2018-12-29 21:52:03 +01:00 committed by GitHub
parent f9cc2ff0ef 067cfe2d1e
commit dba9575c94
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
public/js/render.js
View File

@ -45,7 +45,7 @@ var filterXSSOptions = {
// allow comment tag
if (tag === '!--') {
// do not filter its attributes
return html
return html.replace(/<(?!!--)/g, '&lt;').replace(/-->/g, '__HTML_COMMENT_END__').replace(/>/g, '&gt;').replace(/__HTML_COMMENT_END__/g, '-->')
}
},
onTagAttr: function (tag, name, value, isWhiteAttr) {

2
public/views/shared/disqus.ejs
View File

@ -5,7 +5,7 @@ var disqus_config = function () {
};
(function() {
var d = document, s = d.createElement('script');
s.src = 'https://<%= disqus %>.disqus.com/embed.js';
s.src = 'https://<%= disqus.replace(/[^A-Za-z0-9]+/g, '') %>.disqus.com/embed.js';
s.setAttribute('data-timestamp', +new Date());
(d.head || d.body).appendChild(s);
})();