iiiypuk/markdown-live-preview
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Merge pull request #19 from tanabe/feature/issue-18-fix-self-xss

Browse Source 
Fix #18
This commit is contained in:
Hideaki Tanabe 2020-08-14 21:59:22 +09:00 committed by GitHub
commit b0cb2ec687
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
4 changed files with 7 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
public/index.html
View File

@ -14,6 +14,7 @@
<script type="text/javascript" src="js/jquery-1.6.1.min.js"></script> <script type="text/javascript" src="js/jquery-1.6.1.min.js"></script>
<script type="text/javascript" src="js/jquery.autosize-min.js"></script> <script type="text/javascript" src="js/jquery.autosize-min.js"></script>
<script type="text/javascript" src="js/marked.min.js"></script> <script type="text/javascript" src="js/marked.min.js"></script>
<script type="text/javascript" src="js/purify.min.js"></script>
<script type="text/javascript" src="js/main.js"></script> <script type="text/javascript" src="js/main.js"></script>
<title>Markdown Live Preview</title> <title>Markdown Live Preview</title>

3
public/js/main.js
View File

@ -9,7 +9,8 @@ $(function() {
let convert = () => { let convert = () => {
let html = marked($('#markdown').val()); let html = marked($('#markdown').val());
$('#output').html(html); let sanitized = DOMPurify.sanitize(html);
$('#output').html(sanitized);
} }
$('#markdown').bind('keyup', function() { $('#markdown').bind('keyup', function() {

3
public/js/purify.min.js vendored Normal file
View File

File diff suppressed because one or more lines are too long

1
public/js/purify.min.js.map Normal file
View File

File diff suppressed because one or more lines are too long