Merge pull request #1046 from SISheogorath/feature/optimizeXSS
Remove the xss library from webpack
commit
2a8b56e14b
3 changed files with 7 additions and 10 deletions
|
@ -1,6 +1,8 @@
|
||||||
/* eslint-env browser, jquery */
|
/* eslint-env browser, jquery */
|
||||||
/* global filterXSS */
|
|
||||||
// allow some attributes
|
// allow some attributes
|
||||||
|
|
||||||
|
var filterXSS = require('xss')
|
||||||
|
|
||||||
var whiteListAttr = ['id', 'class', 'style']
|
var whiteListAttr = ['id', 'class', 'style']
|
||||||
window.whiteListAttr = whiteListAttr
|
window.whiteListAttr = whiteListAttr
|
||||||
// allow link starts with '.', '/' and custom protocol with '://', exclude link starts with javascript://
|
// allow link starts with '.', '/' and custom protocol with '://', exclude link starts with javascript://
|
||||||
|
@ -71,5 +73,6 @@ function preventXSS (html) {
|
||||||
window.preventXSS = preventXSS
|
window.preventXSS = preventXSS
|
||||||
|
|
||||||
module.exports = {
|
module.exports = {
|
||||||
preventXSS: preventXSS
|
preventXSS: preventXSS,
|
||||||
|
escapeAttrValue: filterXSS.escapeAttrValue
|
||||||
}
|
}
|
||||||
|
|
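Review bot: `escapeAttrValue: filterXSS.escapeAttrValue` makes the escaper importable, but the allowlist it is used with is still published only as `window.whiteListAttr`, so one half of the attribute check is module-scoped and the other half stays a mutable page global. Consider adding `whiteListAttr: whiteListAttr` to `module.exports` so the consumer can import both from the same place. Since the `expose-loader?filterXSS!xss` entries are removed in the third file, it is also worth confirming that nothing outside the files shown here still reads `window.filterXSS`; only one call site is updated on this page. The body of `preventXSS` lies outside this hunk.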
|
@ -1,6 +1,6 @@
|
||||||
/* eslint-env browser, jquery */
|
/* eslint-env browser, jquery */
|
||||||
|
|
||||||
import { preventXSS } from './render'
|
import { preventXSS, escapeAttrValue } from './render'
|
||||||
import { md } from './extra'
|
import { md } from './extra'
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
@ -259,7 +259,7 @@ import { md } from './extra'
|
||||||
while ((matchesClass = mardownClassRegex.exec(classes))) {
|
while ((matchesClass = mardownClassRegex.exec(classes))) {
|
||||||
var name = matchesClass[1]
|
var name = matchesClass[1]
|
||||||
var value = matchesClass[2]
|
var value = matchesClass[2]
|
||||||
if (name.substr(0, 5) === 'data-' || window.whiteListAttr.indexOf(name) !== -1) { elementTarget.setAttribute(name, window.filterXSS.escapeAttrValue(value)) }
|
if (name.substr(0, 5) === 'data-' || window.whiteListAttr.indexOf(name) !== -1) { elementTarget.setAttribute(name, escapeAttrValue(value)) }
|
||||||
}
|
}
|
||||||
return true
|
return true
|
||||||
}
|
}
|
||||||
|
|
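Review bot: `escapeAttrValue(value)` on the `setAttribute` line is HTML-string escaping, but `setAttribute` stores its argument verbatim without HTML parsing, so the call does not restrict what the value may contain. If the helper entity-encodes quotes and angle brackets, as the xss library's helper of that name appears to, the attribute ends up holding literal entity text. This matters most for `style`, which is in `whiteListAttr` in the first file: a value parsed out of `classes` is set as inline CSS with no CSS-level filtering visible in this hunk. Either state the intent with a comment such as `// escapeAttrValue is defence in depth only; setAttribute does not parse HTML`, or filter `style` values separately before setting them. The enclosing function begins outside this hunk, so an earlier check may already cover this.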
|
@ -202,7 +202,6 @@ module.exports = {
|
||||||
'babel-polyfill',
|
'babel-polyfill',
|
||||||
'script-loader!jquery-ui-resizable',
|
'script-loader!jquery-ui-resizable',
|
||||||
'script-loader!js-url',
|
'script-loader!js-url',
|
||||||
'expose-loader?filterXSS!xss',
|
|
||||||
'script-loader!Idle.Js',
|
'script-loader!Idle.Js',
|
||||||
'expose-loader?LZString!lz-string',
|
'expose-loader?LZString!lz-string',
|
||||||
'script-loader!codemirror',
|
'script-loader!codemirror',
|
||||||
|
@ -253,7 +252,6 @@ module.exports = {
|
||||||
'script-loader!handlebars',
|
'script-loader!handlebars',
|
||||||
'expose-loader?hljs!highlight.js',
|
'expose-loader?hljs!highlight.js',
|
||||||
'expose-loader?emojify!emojify.js',
|
'expose-loader?emojify!emojify.js',
|
||||||
'expose-loader?filterXSS!xss',
|
|
||||||
'script-loader!Idle.Js',
|
'script-loader!Idle.Js',
|
||||||
'script-loader!gist-embed',
|
'script-loader!gist-embed',
|
||||||
'expose-loader?LZString!lz-string',
|
'expose-loader?LZString!lz-string',
|
||||||
|
@ -273,7 +271,6 @@ module.exports = {
|
||||||
],
|
],
|
||||||
pretty: [
|
pretty: [
|
||||||
'babel-polyfill',
|
'babel-polyfill',
|
||||||
'expose-loader?filterXSS!xss',
|
|
||||||
'flowchart.js',
|
'flowchart.js',
|
||||||
'js-sequence-diagrams',
|
'js-sequence-diagrams',
|
||||||
'expose-loader?RevealMarkdown!reveal-markdown',
|
'expose-loader?RevealMarkdown!reveal-markdown',
|
||||||
|
@ -298,7 +295,6 @@ module.exports = {
|
||||||
'script-loader!handlebars',
|
'script-loader!handlebars',
|
||||||
'expose-loader?hljs!highlight.js',
|
'expose-loader?hljs!highlight.js',
|
||||||
'expose-loader?emojify!emojify.js',
|
'expose-loader?emojify!emojify.js',
|
||||||
'expose-loader?filterXSS!xss',
|
|
||||||
'script-loader!gist-embed',
|
'script-loader!gist-embed',
|
||||||
'flowchart.js',
|
'flowchart.js',
|
||||||
'js-sequence-diagrams',
|
'js-sequence-diagrams',
|
||||||
|
@ -310,7 +306,6 @@ module.exports = {
|
||||||
slide: [
|
slide: [
|
||||||
'babel-polyfill',
|
'babel-polyfill',
|
||||||
'bootstrap-tooltip',
|
'bootstrap-tooltip',
|
||||||
'expose-loader?filterXSS!xss',
|
|
||||||
'flowchart.js',
|
'flowchart.js',
|
||||||
'js-sequence-diagrams',
|
'js-sequence-diagrams',
|
||||||
'expose-loader?RevealMarkdown!reveal-markdown',
|
'expose-loader?RevealMarkdown!reveal-markdown',
|
||||||
|
@ -338,7 +333,6 @@ module.exports = {
|
||||||
'script-loader!handlebars',
|
'script-loader!handlebars',
|
||||||
'expose-loader?hljs!highlight.js',
|
'expose-loader?hljs!highlight.js',
|
||||||
'expose-loader?emojify!emojify.js',
|
'expose-loader?emojify!emojify.js',
|
||||||
'expose-loader?filterXSS!xss',
|
|
||||||
'script-loader!gist-embed',
|
'script-loader!gist-embed',
|
||||||
'flowchart.js',
|
'flowchart.js',
|
||||||
'js-sequence-diagrams',
|
'js-sequence-diagrams',
|
||||||
|
|