Commit Graph

20 Commits

Author SHA1 Message Date
Sheogorath 93b91163cd Prevent XSS vul by srcdoc in iframe 2017-11-24 10:10:50 +01:00
Wu Cheng-Han 9b00afb863 Fix unclosed tags might cause XSS [Security Issue] 2017-09-27 18:20:04 +08:00
Wu Cheng-Han 48df250491 Fix link regex should filter protocol with case insensitive flag [Security Issue] 2017-04-11 22:25:14 +08:00
Wu Cheng-Han e629800457 Fix XSS vulnerability in link regex [Security Issue] 2017-03-22 18:26:35 +08:00
Wu Cheng-Han 0f3b028ed6 Fix render.js code styles 2017-03-22 18:26:30 +08:00
BoHong Li 5bc642d02e Use JavaScript Standard Style (part 2)
Fixed all fail on frontend code.
2017-03-09 02:41:05 +08:00
Wu Cheng-Han 1ca39d9c8e Update to allow li tag specify value number 2017-02-17 21:56:35 +08:00
Wu Cheng-Han 79d5b2c37f Fix slide might able to add unsafe attribute on section tag which cause XSS [Security Issue] 2016-11-26 22:46:58 +08:00
Wu Cheng-Han ba2bfa2188 Update to support summary tag 2016-10-29 23:43:58 +08:00
Yukai Huang e10203b7e9 More function expose workaround for reveal-markdown.js 2016-10-10 08:24:58 +08:00
Yukai Huang 963a435ae1 Resolve dependency module requiring
* es5 style module exports
* remove script tag require
* webpack config ProvidePlugin

Note that this commit only fix JavaScript module loading runtime error.
2016-10-08 20:02:30 +08:00
Wu Cheng-Han ecd7218917 Update to support data uri in src attribute of image tag 2016-08-15 11:00:02 +08:00
Wu Cheng-Han cf290e86e1 Update XSS policy to allow iframe and link with custom protocol 2016-08-14 18:32:22 +08:00
Cheng-Han, Wu f6a995143d Update filter XSS to allow attr href starts with '.' or '/' 2016-04-20 18:18:52 +08:00
Cheng-Han, Wu edc3a31dfd Fix XSS HTML replace might get wrong on the HTML comments in the code tags 2016-04-20 18:10:43 +08:00
Cheng-Han, Wu 049eae5024 Fixed filter XSS should allow ordered list specify start number 2016-03-04 23:17:59 +08:00
Cheng-Han, Wu c509abbc39 Support kbd tag 2016-02-22 22:42:40 +08:00
Cheng-Han, Wu 2501b190ab Updated to support html comment tag in XSS 2016-02-16 09:51:22 -06:00
Cheng-Han, Wu 2a774064af Updated XSS filter options to allow style tag and style attribute 2016-02-11 14:33:21 -06:00
Cheng-Han, Wu 4c4a0e0f3f Fixed prevent XSS might break lots of tags and only need after rendered 2016-02-11 03:45:13 -06:00