osr-plastic/osr-discourse-src
Archived
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

FIX: XSS in markdown converter.

Browse Source
This commit is contained in:
Robin Ward
2014-04-28 14:43:49 -04:00
parent 495f78f574
commit ba683bc611
2 changed files with 4 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files
app/assets/javascripts/discourse/dialects/dialect.js
+2 -3
View File
@@ -42,7 +42,6 @@ function processTextNodes(node, event, emitter) {
for (var j=1; j<node.length; j++) {
var textContent = node[j];
if (typeof textContent === "string") {
if (dialect.options.sanitize && !skipSanitize[textContent]) {
textContent = Discourse.Markdown.sanitize(textContent);
}
@@ -63,9 +62,9 @@ function processTextNodes(node, event, emitter) {
}
}
}
/**
Parse a JSON ML tree, using registered handlers to adjust it if necessary.
@@ -96,7 +95,7 @@ function parseTree(tree, path, insideCounts) {
insideCounts[tagName] = (insideCounts[tagName] || 0) + 1;
if (n && n.length === 2 && n[0] === "p" && /^<!--([\s\S]*)-->$/m.exec(n[1])) {
if (n && n.length === 2 && n[0] === "p" && /^<!--([\s\S]*)-->$/.exec(n[1])) {
// Remove paragraphs around comment-only nodes.
tree[i] = n[1];
} else {