
fixed #161 xss process after markdown transfer

1 parent d1a9530 commit 1e5332fa7929eee75ac574c134e063ed01bba9de @fengmk2 fengmk2 committed May 28, 2013
Showing with 7 additions and 6 deletions.
  1. +2 −1 common/render_helpers.js
  2. +1 −1 controllers/topic.js
  3. +2 −2 libs/util.js
  4. +2 −2 proxy/reply.js
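--- a/common/render_helpers.js
+++ b/common/render_helpers.js
@@ -11,6 +11,7 @@
 */
 var marked = require('marked-prettyprint');
+var utils = require('../libs/util');
 // Set default options
 marked.setOptions({
@@ -26,7 +27,7 @@ marked.setOptions({
 exports.markdown = function () {
 return function (text) {
- return '<div class="markdown-text">' + marked(text || '') + '</div>';
+ return '<div class="markdown-text">' + utils.xss(marked(text || '')) + '</div>';
 };
 };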
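Review bot: The new `utils.xss(marked(text || ''))` call in `exports.markdown` has no comment explaining why the filter runs on the rendered HTML rather than on the markdown source, and that ordering is the whole fix. I would add above the return `// Sanitize marked's HTML output, not the markdown source: links and tags generated by markdown syntax are only visible to the filter after rendering.` Since this helper is now the single sanitization point, it also deserves a test that feeds it raw inline HTML and markdown links and images with non-http schemes, to confirm the `a`/`img` whitelist in libs/util.js handles them; whether the xss library filters URL schemes is not visible on this page.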
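--- a/controllers/topic.js
+++ b/controllers/topic.js
@@ -50,7 +50,7 @@ exports.index = function (req, res, next) {
 return ep.emit('@user');
 }
 at.linkUsers(topic.content, ep.done(function (content) {
- topic.content = Util.xss(content);
+ topic.content = content;
 ep.emit('@user');
 }));
 });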
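Review bot: `topic.content = content;` now hands every consumer of the topic unsanitized user input, so each template or output path that prints it must go through the `markdown` helper in common/render_helpers.js; the same applies to `reply.content = str;` and `replies[i].content = str;` in proxy/reply.js. Nothing in these hunks enforces that, and any consumer that relied on the value already being filtered (a feed, an API response, a notification, an unescaped template output) would now emit raw content. I would audit the views that read these fields and add a comment at each assignment such as `// raw markdown: must be rendered via the markdown helper, never output unescaped`. The enclosing callbacks start and end outside the hunks.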
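--- a/libs/util.js
+++ b/libs/util.js
@@ -98,7 +98,7 @@ var xssOptions = {
 i: [],
 br: [],
 p: [],
- pre: [],
+ pre: ['class'],
 code: [],
 a: ['target', 'href', 'title'],
 img: ['src', 'alt', 'title'],
@@ -115,7 +115,7 @@ var xssOptions = {
 dt: [],
 em: [],
 cite: [],
- section:[],
+ section: [],
 header: [],
 footer: [],
 blockquote: [],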
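Review bot: `pre: ['class']` in the first hunk whitelists any class value, not just the one the prettyprint renderer emits. If marked passes raw inline HTML through (its options are not shown here), a user can put arbitrary site CSS classes on a `<pre>` element, which lets posted content imitate site UI or pick up script behaviour bound to class names. I would restrict the value to the classes the renderer generates, for example through the sanitizer's attribute-value hook if the library offers one, or record the accepted risk in a comment next to the entry. The `section: []` change is whitespace only.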
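--- a/proxy/reply.js
+++ b/proxy/reply.js
@@ -48,7 +48,7 @@ exports.getReplyById = function (id, callback) {
 if (err) {
 return callback(err);
 }
- reply.content = Util.xss(str);
+ reply.content = str;
 return callback(err, reply);
 });
 });
@@ -111,7 +111,7 @@ exports.getRepliesByTopicId = function (id, cb) {
 if (err) {
 return cb(err);
 }
- replies[i].content = Util.xss(str);
+ replies[i].content = str;
 proxy.emit('reply_find');
 });
 });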
