Fix unclosed tags might cause XSS [Security Issue]
parent
d1d6d5810b
commit
9b00afb863
1 changed files with 1 additions and 1 deletions
|
@ -27,7 +27,7 @@ var filterXSSOptions = {
|
||||||
whiteList: whiteList,
|
whiteList: whiteList,
|
||||||
escapeHtml: function (html) {
|
escapeHtml: function (html) {
|
||||||
// allow html comment in multiple lines
|
// allow html comment in multiple lines
|
||||||
return html.replace(/<(.*?)>/g, '<$1>')
|
return html.replace(/<(?!!--)/g, '<').replace(/-->/g, '__HTML_COMMENT_END__').replace(/>/g, '>').replace(/__HTML_COMMENT_END__/g, '-->')
|
||||||
},
|
},
|
||||||
onIgnoreTag: function (tag, html, options) {
|
onIgnoreTag: function (tag, html, options) {
|
||||||
// allow comment tag
|
// allow comment tag
|
||||||
|
|
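Review bot: The chained replace in `escapeHtml` uses the literal `__HTML_COMMENT_END__` as a temporary marker, so note text that already contains that string is rewritten to `-->` on output; nothing visible in this hunk reserves or strips the marker beforehand. A single pass avoids the placeholder, for example `return html.replace(/<!--|-->|[<>]/g, function (m) { return m === '<' ? '&lt;' : m === '>' ? '&gt;' : m })` (the replacement strings on this page look entity-decoded, so `&lt;`/`&gt;` is assumed here). The new expression also passes `<!--` through when no `-->` follows, which presumably lets one unterminated comment swallow everything rendered after it, so it is worth preserving comment delimiters only when they occur as a matched pair and adding regression tests for an unclosed tag and an unclosed comment. The comment `// allow html comment in multiple lines` should also say that every other `<` and `>` is now escaped individually, since that is the property the fix depends on.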