glenux-contrib/metamaps--metamaps
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Merge pull request #751 from metamaps/feature/markdown-xss-safe

Browse source 
enable xss filtering and smart quote replacement in markdown
This commit is contained in:
Devin Howard 2016-10-09 10:23:00 +08:00 committed by GitHub
commit 56d3ef8bea
1 changed files with 3 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
frontend/src/Metamaps/Util.js
View file

@ -123,7 +123,9 @@ const Util = {
return (url.match(/^https?:\/\/(?:www\.)?youtube.com\/watch\?(?=[^?]*v=\w+)(?:[^\s?]+)?$/) != null)
},
mdToHTML: text => {
return new HtmlRenderer().render(new Parser().parse(text))
// use safe: true to filter xss
return new HtmlRenderer({ safe: true, smart: true })
.render(new Parser().parse(text))
}
}