mirror of https://github.com/status-im/codimd.git
Fix XSS HTML replace might get wrong on the HTML comments in the code tags
This commit is contained in:
parent
0fb70a1487
commit
edc3a31dfd
|
@ -3,6 +3,10 @@ var whiteListAttr = ['id', 'class', 'style'];
|
|||
|
||||
var filterXSSOptions = {
|
||||
allowCommentTag: true,
|
||||
escapeHtml: function (html) {
|
||||
// to allow html comment in multiple lines
|
||||
return html.replace(/<(.*?)>/g, '<$1>');
|
||||
},
|
||||
onIgnoreTag: function (tag, html, options) {
|
||||
// allow style in html
|
||||
if (whiteListTag.indexOf(tag) !== -1) {
|
||||
|
|
Loading…
Reference in New Issue