hedgedoc/public/js
David Mehren c32b1cf42b
Don't store mermaid diagrams in innerHTML
Using jQuery's `.html()` method stores the given string as `innerHTML`, which enables injection of arbitrary DOM elements.
Using `.text()` instead mitigates this issue.

Signed-off-by: David Mehren <git@herrmehren.de>
2020-12-27 10:14:27 +01:00
..
lib Remove pdf export code 2020-11-26 21:09:23 +01:00
cover.js Replace CodiMD with HedgeDoc 2020-11-14 21:18:36 +01:00
extra.js Don't store mermaid diagrams in innerHTML 2020-12-27 10:14:27 +01:00
history.js Fix eslint warnings 2019-05-31 00:30:29 +02:00
htmlExport.js Use JavaScript Standard Style (part 2) 2017-03-09 02:41:05 +08:00
index.js Remove reference to nonexisting DOM element 2020-11-27 19:24:43 +01:00
locale.js Add config option for cookie SameSite policy 2020-08-27 02:04:49 +02:00
mathjax-config-extra.js Fix MathJax config not being picked up 2017-10-22 02:48:24 +02:00
pretty.js Fix eslint warnings 2019-05-31 00:30:29 +02:00
render.js Don't accept sandbox attribute 2019-10-22 12:04:12 +02:00
reveal-markdown.js Remove the xss library from webpack 2018-11-10 20:27:07 +01:00
slide.js Fix eslint warnings 2019-05-31 00:30:29 +02:00
utils.js Update to migrate note url in the history of browser storage and cookie 2018-03-03 16:26:19 +08:00