mirror of
https://github.com/hedgedoc/hedgedoc.git
Fix unclosed tags might cause XSS [Security Issue]
parent
d1d6d5810b
commit
9b00afb863
1 changed files with 1 additions and 1 deletions
|
@ -27,7 +27,7 @@ var filterXSSOptions = {
|
|||
whiteList: whiteList,
|
||||
escapeHtml: function (html) {
|
||||
// allow html comment in multiple lines
|
||||
return html.replace(/<(.*?)>/g, '<$1>')
|
||||
return html.replace(/<(?!!--)/g, '<').replace(/-->/g, '__HTML_COMMENT_END__').replace(/>/g, '>').replace(/__HTML_COMMENT_END__/g, '-->')
|
||||
},
|
||||
onIgnoreTag: function (tag, html, options) {
|
||||
// allow comment tag
|
||||
|
|
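Review bot: The `__HTML_COMMENT_END__` placeholder in the longer `escapeHtml` replace chain (taken as the added line, given the commit title) is an in-band marker, so note text that already contains that literal string is rewritten to `-->` and comes out with an unescaped `>`. A single pass needs no placeholder: `return html.replace(/<!--|-->|[<>]/g, function (m) { return m.length > 1 ? m : (m === '<' ? '&lt;' : '&gt;') })`; it differs from the chain only on overlapping input such as `<!-->`, where the trailing `>` would be escaped. The replacement strings display as bare `<` and `>` on this page, presumably entity-decoded by the mirror's rendering, so confirm they are `&lt;` and `&gt;` in the file itself. The line also passes a lone `<!--` through whether or not a `-->` follows; a comment stating that this is intended and a regression test for an unclosed tag would pin the fix. `escapeHtml` is fully visible here, while the surrounding `filterXSSOptions` object starts and ends outside the hunk.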