iiiypuk
/
markdown-live-preview
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Merge pull request #19 from tanabe/feature/issue-18-fix-self-xss 

Fix #18
This commit is contained in:
Hideaki Tanabe 2020-08-14 21:59:22 +09:00 committed by GitHub
parent 47e734ff74 5ac9997ed5
commit b0cb2ec687
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
4 changed files with 7 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
public/index.html
View File

@ -14,6 +14,7 @@
<script type="text/javascript" src="js/jquery-1.6.1.min.js"></script>
<script type="text/javascript" src="js/jquery.autosize-min.js"></script>
<script type="text/javascript" src="js/marked.min.js"></script>
<script type="text/javascript" src="js/purify.min.js"></script>
<script type="text/javascript" src="js/main.js"></script>
<title>Markdown Live Preview</title>

3
public/js/main.js
View File

@ -9,7 +9,8 @@ $(function() {
let convert = () => {
let html = marked($('#markdown').val());
$('#output').html(html);
let sanitized = DOMPurify.sanitize(html);
$('#output').html(sanitized);
}
$('#markdown').bind('keyup', function() {

3
public/js/purify.min.js vendored Normal file
View File

File diff suppressed because one or more lines are too long

1
public/js/purify.min.js.map Normal file
View File

File diff suppressed because one or more lines are too long