Permalink
Browse files

Remove the xss library from webpack

We can load the xss functions directly from the library instead of
loading them through the expose loader of webpack, this should simplify
the setup and maybe even improve speed a bit.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
  • Loading branch information...
SISheogorath committed Nov 10, 2018
1 parent 4e5e7df commit c59b94a37b9d44f6c56b12f61cbfb80ff5f0db50
Showing with 7 additions and 10 deletions.
  1. +5 −2 public/js/render.js
  2. +2 −2 public/js/reveal-markdown.js
  3. +0 −6 webpack.common.js
@@ -1,6 +1,8 @@
/* eslint-env browser, jquery */
/* global filterXSS */
// allow some attributes
var filterXSS = require('xss')
var whiteListAttr = ['id', 'class', 'style']
window.whiteListAttr = whiteListAttr
// allow link starts with '.', '/' and custom protocol with '://', exclude link starts with javascript://
@@ -71,5 +73,6 @@ function preventXSS (html) {
window.preventXSS = preventXSS
module.exports = {
preventXSS: preventXSS
preventXSS: preventXSS,
escapeAttrValue: filterXSS.escapeAttrValue
}
@@ -1,6 +1,6 @@
/* eslint-env browser, jquery */
import { preventXSS } from './render'
import { preventXSS, escapeAttrValue } from './render'
import { md } from './extra'
/**
@@ -259,7 +259,7 @@ import { md } from './extra'
while ((matchesClass = mardownClassRegex.exec(classes))) {
var name = matchesClass[1]
var value = matchesClass[2]
if (name.substr(0, 5) === 'data-' || window.whiteListAttr.indexOf(name) !== -1) { elementTarget.setAttribute(name, window.filterXSS.escapeAttrValue(value)) }
if (name.substr(0, 5) === 'data-' || window.whiteListAttr.indexOf(name) !== -1) { elementTarget.setAttribute(name, escapeAttrValue(value)) }
}
return true
}
@@ -202,7 +202,6 @@ module.exports = {
'babel-polyfill',
'script-loader!jquery-ui-resizable',
'script-loader!js-url',
'expose-loader?filterXSS!xss',
'script-loader!Idle.Js',
'expose-loader?LZString!lz-string',
'script-loader!codemirror',
@@ -253,7 +252,6 @@ module.exports = {
'script-loader!handlebars',
'expose-loader?hljs!highlight.js',
'expose-loader?emojify!emojify.js',
'expose-loader?filterXSS!xss',
'script-loader!Idle.Js',
'script-loader!gist-embed',
'expose-loader?LZString!lz-string',
@@ -273,7 +271,6 @@ module.exports = {
],
pretty: [
'babel-polyfill',
'expose-loader?filterXSS!xss',
'flowchart.js',
'js-sequence-diagrams',
'expose-loader?RevealMarkdown!reveal-markdown',
@@ -298,7 +295,6 @@ module.exports = {
'script-loader!handlebars',
'expose-loader?hljs!highlight.js',
'expose-loader?emojify!emojify.js',
'expose-loader?filterXSS!xss',
'script-loader!gist-embed',
'flowchart.js',
'js-sequence-diagrams',
@@ -310,7 +306,6 @@ module.exports = {
slide: [
'babel-polyfill',
'bootstrap-tooltip',
'expose-loader?filterXSS!xss',
'flowchart.js',
'js-sequence-diagrams',
'expose-loader?RevealMarkdown!reveal-markdown',
@@ -338,7 +333,6 @@ module.exports = {
'script-loader!handlebars',
'expose-loader?hljs!highlight.js',
'expose-loader?emojify!emojify.js',
'expose-loader?filterXSS!xss',
'script-loader!gist-embed',
'flowchart.js',
'js-sequence-diagrams',

0 comments on commit c59b94a

Please sign in to comment.