aiden
/
memos
mirror of https://github.com/usememos/memos
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

chore: fix XSS in renderer (#880)

Browse Source
pull/881/head
boojack 3 years ago committed by GitHub
parent 65e9fdead1
commit 7670c95360
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
4 changed files with 8 additions and 4 deletions
Show Stats Download Patch File Download Diff File

3
web/src/labs/marked/parser/Bold.ts
Unescape Escape View File

@ -1,5 +1,6 @@
import { marked } from ".."; import { marked } from "..";
import Link from "./Link"; import Link from "./Link";
import PlainText from "./PlainText";
export const BOLD_REG = /\*\*(.+?)\*\*/; export const BOLD_REG = /\*\*(.+?)\*\*/;
@ -14,7 +15,7 @@ const renderer = (rawStr: string): string => {
return rawStr; return rawStr;
} }
const parsedContent = marked(matchResult[1], [], [Link]); const parsedContent = marked(matchResult[1], [], [Link, PlainText]);
return `<strong>${parsedContent}</strong>`; return `<strong>${parsedContent}</strong>`;
}; };

3
web/src/labs/marked/parser/BoldEmphasis.ts
Unescape Escape View File

@ -1,5 +1,6 @@
import { marked } from ".."; import { marked } from "..";
import Link from "./Link"; import Link from "./Link";
import PlainText from "./PlainText";
export const BOLD_EMPHASIS_REG = /\*\*\*(.+?)\*\*\*/; export const BOLD_EMPHASIS_REG = /\*\*\*(.+?)\*\*\*/;
@ -14,7 +15,7 @@ const renderer = (rawStr: string): string => {
return rawStr; return rawStr;
} }
const parsedContent = marked(matchResult[1], [], [Link]); const parsedContent = marked(matchResult[1], [], [Link, PlainText]);
return `<strong><em>${parsedContent}</em></strong>`; return `<strong><em>${parsedContent}</em></strong>`;
}; };

3
web/src/labs/marked/parser/Emphasis.ts
Unescape Escape View File

@ -1,5 +1,6 @@
import { marked } from ".."; import { marked } from "..";
import Link from "./Link"; import Link from "./Link";
import PlainText from "./PlainText";
export const EMPHASIS_REG = /\*(.+?)\*/; export const EMPHASIS_REG = /\*(.+?)\*/;
@ -14,7 +15,7 @@ const renderer = (rawStr: string): string => {
return rawStr; return rawStr;
} }
const parsedContent = marked(matchResult[1], [], [Link]); const parsedContent = marked(matchResult[1], [], [Link, PlainText]);
return `<em>${parsedContent}</em>`; return `<em>${parsedContent}</em>`;
}; };

3
web/src/labs/marked/parser/Link.ts
Unescape Escape View File

@ -4,6 +4,7 @@ import Bold from "./Bold";
import { marked } from ".."; import { marked } from "..";
import InlineCode from "./InlineCode"; import InlineCode from "./InlineCode";
import BoldEmphasis from "./BoldEmphasis"; import BoldEmphasis from "./BoldEmphasis";
import PlainText from "./PlainText";
export const LINK_REG = /\[(.*?)\]\((.+?)\)+/; export const LINK_REG = /\[(.*?)\]\((.+?)\)+/;
@ -17,7 +18,7 @@ const renderer = (rawStr: string): string => {
if (!matchResult) { if (!matchResult) {
return rawStr; return rawStr;
} }
const parsedContent = marked(matchResult[1], [], [InlineCode, BoldEmphasis, Emphasis, Bold]); const parsedContent = marked(matchResult[1], [], [InlineCode, BoldEmphasis, Emphasis, Bold, PlainText]);
return `<a class='link' target='_blank' rel='noreferrer' href='${escape(matchResult[2])}'>${parsedContent}</a>`; return `<a class='link' target='_blank' rel='noreferrer' href='${escape(matchResult[2])}'>${parsedContent}</a>`;
}; };

Write Preview
Loading…
Cancel
Save