mirror of
https://github.com/hedgedoc/hedgedoc.git
synced 2024-11-25 03:06:31 -05:00
Remove the xss library from webpack
We can load the xss functions directly from the library instead of loading them through the expose loader of webpack, this should simplify the setup and maybe even improve speed a bit. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
This commit is contained in:
parent
4e5e7df4f8
commit
c59b94a37b
3 changed files with 7 additions and 10 deletions
|
@ -1,6 +1,8 @@
|
|||
/* eslint-env browser, jquery */
|
||||
/* global filterXSS */
|
||||
// allow some attributes
|
||||
|
||||
var filterXSS = require('xss')
|
||||
|
||||
var whiteListAttr = ['id', 'class', 'style']
|
||||
window.whiteListAttr = whiteListAttr
|
||||
// allow link starts with '.', '/' and custom protocol with '://', exclude link starts with javascript://
|
||||
|
@ -71,5 +73,6 @@ function preventXSS (html) {
|
|||
window.preventXSS = preventXSS
|
||||
|
||||
module.exports = {
|
||||
preventXSS: preventXSS
|
||||
preventXSS: preventXSS,
|
||||
escapeAttrValue: filterXSS.escapeAttrValue
|
||||
}
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
/* eslint-env browser, jquery */
|
||||
|
||||
import { preventXSS } from './render'
|
||||
import { preventXSS, escapeAttrValue } from './render'
|
||||
import { md } from './extra'
|
||||
|
||||
/**
|
||||
|
@ -259,7 +259,7 @@ import { md } from './extra'
|
|||
while ((matchesClass = mardownClassRegex.exec(classes))) {
|
||||
var name = matchesClass[1]
|
||||
var value = matchesClass[2]
|
||||
if (name.substr(0, 5) === 'data-' || window.whiteListAttr.indexOf(name) !== -1) { elementTarget.setAttribute(name, window.filterXSS.escapeAttrValue(value)) }
|
||||
if (name.substr(0, 5) === 'data-' || window.whiteListAttr.indexOf(name) !== -1) { elementTarget.setAttribute(name, escapeAttrValue(value)) }
|
||||
}
|
||||
return true
|
||||
}
|
||||
|
|
|
@ -202,7 +202,6 @@ module.exports = {
|
|||
'babel-polyfill',
|
||||
'script-loader!jquery-ui-resizable',
|
||||
'script-loader!js-url',
|
||||
'expose-loader?filterXSS!xss',
|
||||
'script-loader!Idle.Js',
|
||||
'expose-loader?LZString!lz-string',
|
||||
'script-loader!codemirror',
|
||||
|
@ -253,7 +252,6 @@ module.exports = {
|
|||
'script-loader!handlebars',
|
||||
'expose-loader?hljs!highlight.js',
|
||||
'expose-loader?emojify!emojify.js',
|
||||
'expose-loader?filterXSS!xss',
|
||||
'script-loader!Idle.Js',
|
||||
'script-loader!gist-embed',
|
||||
'expose-loader?LZString!lz-string',
|
||||
|
@ -273,7 +271,6 @@ module.exports = {
|
|||
],
|
||||
pretty: [
|
||||
'babel-polyfill',
|
||||
'expose-loader?filterXSS!xss',
|
||||
'flowchart.js',
|
||||
'js-sequence-diagrams',
|
||||
'expose-loader?RevealMarkdown!reveal-markdown',
|
||||
|
@ -298,7 +295,6 @@ module.exports = {
|
|||
'script-loader!handlebars',
|
||||
'expose-loader?hljs!highlight.js',
|
||||
'expose-loader?emojify!emojify.js',
|
||||
'expose-loader?filterXSS!xss',
|
||||
'script-loader!gist-embed',
|
||||
'flowchart.js',
|
||||
'js-sequence-diagrams',
|
||||
|
@ -310,7 +306,6 @@ module.exports = {
|
|||
slide: [
|
||||
'babel-polyfill',
|
||||
'bootstrap-tooltip',
|
||||
'expose-loader?filterXSS!xss',
|
||||
'flowchart.js',
|
||||
'js-sequence-diagrams',
|
||||
'expose-loader?RevealMarkdown!reveal-markdown',
|
||||
|
@ -338,7 +333,6 @@ module.exports = {
|
|||
'script-loader!handlebars',
|
||||
'expose-loader?hljs!highlight.js',
|
||||
'expose-loader?emojify!emojify.js',
|
||||
'expose-loader?filterXSS!xss',
|
||||
'script-loader!gist-embed',
|
||||
'flowchart.js',
|
||||
'js-sequence-diagrams',
|
||||
|
|
Loading…
Reference in a new issue