added sanitation to the slideMode in frontmatter
This should prevent the issue mentioned in hackmdio/codimd#1648

Specifically left out are
- dependency (user can't really include anything anyway, because CSP forbids most domains)
- autoSlideMethod (nothing our users should be able to change as they won't write JS to be affected by this)
- keyboard (this lets users write arbitrary code and therefore seems too problematic)

See:
https://github.com/hakimel/reveal.js/blob/3.9.2/README.md#configuration
Signed-off-by: Philip Molares <philip.molares@udo.edu>
DerMolly committed Jan 14, 2021
1 parent 5bdb392 commit 35b0d39
Showing 1 changed file with 50 additions and 1 deletion.
51 changes: 50 additions & 1 deletion public/js/slide.js
Expand Up @@ -72,7 +72,56 @@ const defaultOptions = {

// options from yaml meta
const meta = JSON.parse($('#meta').text())
var options = meta.slideOptions || {}
var options = {
autoPlayMedia: meta.slideOptions.autoPlayMedia,
autoSlide: meta.slideOptions.autoSlide,
autoSlideStoppable: meta.slideOptions.autoSlideStoppable,
backgroundTransition: meta.slideOptions.backgroundTransition,
center: meta.slideOptions.center,
controls: meta.slideOptions.controls,
controlsBackArrows: meta.slideOptions.controlsBackArrows,
controlsLayout: meta.slideOptions.controlsLayout,
controlsTutorial: meta.slideOptions.controlsTutorial,
defaultTiming: meta.slideOptions.defaultTiming,
display: meta.slideOptions.display,
embedded: meta.slideOptions.embedded,
fragmentInURL: meta.slideOptions.fragmentInURL,
fragments: meta.slideOptions.fragments,
hash: meta.slideOptions.hash,
height: meta.slideOptions.height,
help: meta.slideOptions.help,
hideAddressBar: meta.slideOptions.hideAddressBar,
hideCursorTime: meta.slideOptions.hideCursorTime,
hideInactiveCursor: meta.slideOptions.hideInactiveCursor,
history: meta.slideOptions.history,
keyboard: meta.slideOptions.keyboard,
loop: meta.slideOptions.loop,
margin: meta.slideOptions.margin,
maxScale: meta.slideOptions.maxScale,
minScale: meta.slideOptions.minScale,
minimumTimePerSlide: meta.slideOptions.minimumTimePerSlide,
mobileViewDistance: meta.slideOptions.mobileViewDistance,
mouseWheel: meta.slideOptions.mouseWheel,
navigationMode: meta.slideOptions.navigationMode,
overview: meta.slideOptions.overview,
parallaxBackgroundHorizontal: meta.slideOptions.parallaxBackgroundHorizontal,
parallaxBackgroundImage: meta.slideOptions.parallaxBackgroundImage,
parallaxBackgroundSize: meta.slideOptions.parallaxBackgroundSize,
parallaxBackgroundVertical: meta.slideOptions.parallaxBackgroundVertical,
preloadIframes: meta.slideOptions.preloadIframes,
previewLinks: meta.slideOptions.previewLinks,
progress: meta.slideOptions.progress,
rtl: meta.slideOptions.rtl,
showNotes: meta.slideOptions.showNotes,
shuffle: meta.slideOptions.shuffle,
slideNumber: meta.slideOptions.slideNumber,
totalTime: meta.slideOptions.totalTime,
touch: meta.slideOptions.touch,
transition: meta.slideOptions.transition,
transitionSpeed: meta.slideOptions.transitionSpeed,
viewDistance: meta.slideOptions.viewDistance,
width: meta.slideOptions.width
} || {}

const view = $('.reveal')
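Review bot: Every property in the new `options` literal dereferences `meta.slideOptions` directly, so if a note's frontmatter has no `slideOptions` key the first read, `meta.slideOptions.autoPlayMedia`, throws a TypeError, where the removed `meta.slideOptions || {}` fell back to an empty object. The trailing `} || {}` cannot restore that fallback, because an object literal is always truthy. I would add `const slideOptions = (meta && meta.slideOptions) || {}` above the literal, read each key from `slideOptions`, and drop the `|| {}`. The literal also copies `keyboard: meta.slideOptions.keyboard`, which the commit description lists as deliberately left out; either remove that line or correct the description. The allowlist restricts which keys reach reveal.js but not the type or content of their values, so a comment such as `// allowlist of reveal.js option names; values are still user-controlled` would tell the next reader where the trust boundary sits.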
