osr-plastic/osr-discourse-src
Archived
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
This repository has been archived on 2023-03-18. You can view files and clone it, but cannot push or open issues or pull requests.
69dee799e9
osr-discourse-src/app/assets/javascripts/discourse/dialects/anchor_dialect.js
Régis Hanol e663d78104 SECURITY: sanitize markdown urls (prevent XSS)
2014-03-27 15:34:35 +01:00

14 lines
300 B
JavaScript
Raw Blame History

// prevent XSS
Discourse.Dialect.on('parseNode', function (event) {
var node = event.node;
if (node[0] === 'a') {
var attributes = node[1];
if (attributes["href"]) {
if (!Discourse.Markdown.urlAllowed(attributes["href"])) {
delete attributes["href"];
}
}
}
});
Reference in New Issue View Git Blame Copy Permalink