Commit Graph

13 Commits

Author SHA1 Message Date
Wu Cheng-Han 79d5b2c37f Fix slide might able to add unsafe attribute on section tag which cause XSS [Security Issue] 2016-11-26 22:46:58 +08:00
Wu Cheng-Han ba2bfa2188 Update to support summary tag 2016-10-29 23:43:58 +08:00
Yukai Huang e10203b7e9 More function expose workaround for reveal-markdown.js 2016-10-10 08:24:58 +08:00
Yukai Huang 963a435ae1 Resolve dependency module requiring
* es5 style module exports
* remove script tag require
* webpack config ProvidePlugin

Note that this commit only fix JavaScript module loading runtime error.
2016-10-08 20:02:30 +08:00
Wu Cheng-Han ecd7218917 Update to support data uri in src attribute of image tag 2016-08-15 11:00:02 +08:00
Wu Cheng-Han cf290e86e1 Update XSS policy to allow iframe and link with custom protocol 2016-08-14 18:32:22 +08:00
Cheng-Han, Wu f6a995143d Update filter XSS to allow attr href starts with '.' or '/' 2016-04-20 18:18:52 +08:00
Cheng-Han, Wu edc3a31dfd Fix XSS HTML replace might get wrong on the HTML comments in the code tags 2016-04-20 18:10:43 +08:00
Cheng-Han, Wu 049eae5024 Fixed filter XSS should allow ordered list specify start number 2016-03-04 23:17:59 +08:00
Cheng-Han, Wu c509abbc39 Support kbd tag 2016-02-22 22:42:40 +08:00
Cheng-Han, Wu 2501b190ab Updated to support html comment tag in XSS 2016-02-16 09:51:22 -06:00
Cheng-Han, Wu 2a774064af Updated XSS filter options to allow style tag and style attribute 2016-02-11 14:33:21 -06:00
Cheng-Han, Wu 4c4a0e0f3f Fixed prevent XSS might break lots of tags and only need after rendered 2016-02-11 03:45:13 -06:00