
Fix to escape html comment tag [Security Issue]

Signed-off-by: Max Wu <jackymaxj@gmail.com>
jackycute committed Dec 28, 2018
1 parent b89a351 commit 067cfe2d1eedc5a58e5548785858e38fbaa0e84b
Showing with 1 addition and 1 deletion.
  1. +1 −1 public/js/render.js
@@ -45,7 +45,7 @@ var filterXSSOptions = {
// allow comment tag
if (tag === '!--') {
// do not filter its attributes
return html
return html.replace(/<(?!!--)/g, '&lt;').replace(/-->/g, '__HTML_COMMENT_END__').replace(/>/g, '&gt;').replace(/__HTML_COMMENT_END__/g, '-->')
}
},
onTagAttr: function (tag, name, value, isWhiteAttr) {
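Review bot: the `__HTML_COMMENT_END__` placeholder in the new `return html.replace(...)` line can collide with input. A comment whose text already contains that literal string has it rewritten to `-->` by the final `.replace(/__HTML_COMMENT_END__/g, '-->')`, so the output can carry a comment terminator that was never in the source. Doing the escape in one pass, for example matching `-->|>` with a replacer function that returns `-->` unchanged and `&gt;` for a bare `>`, removes the need for a placeholder. The context comment "do not filter its attributes" above this line also no longer matches what the branch does, since the returned string is now escaped; it should say that everything except the `<!--` opener and `-->` terminator is entity-encoded, and a regression test with a comment containing markup would pin the behaviour down.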
