
Commit f491cda

committed
Fix rendering might result XSS attribute on self closing tag [Security Issue]
1 parent edb1b4a commit f491cda

4 files changed

Lines changed: 20 additions & 1 deletion


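--- a/public/js/extra.js
+++ b/public/js/extra.js
@@ -551,6 +551,19 @@ export function postProcess (code) {
 }
 window.postProcess = postProcess
 
+var domevents = Object.getOwnPropertyNames(document).concat(Object.getOwnPropertyNames(Object.getPrototypeOf(Object.getPrototypeOf(document)))).concat(Object.getOwnPropertyNames(Object.getPrototypeOf(window))).filter(function (i) {
+return !i.indexOf('on') && (document[i] === null || typeof document[i] === 'function')
+}).filter(function (elem, pos, self) {
+return self.indexOf(elem) === pos
+})
+
+export function removeDOMEvents (view) {
+for (var i = 0, l = domevents.length; i < l; i++) {
+view.find('[' + domevents[i] + ']').removeAttr(domevents[i])
+}
+}
+window.removeDOMEvents = removeDOMEvents
+
 function generateCleanHTML (view) {
 const src = view.clone()
 const eles = src.find('*')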
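Review bot: The `domevents` deny-list keeps a name only when `document[i]` is `null` or a function, so names gathered from `Object.getPrototypeOf(window)` that `document` does not also expose are filtered out again, and handler attributes defined only on element interfaces never enter the list; the result also varies with the browser that loads the page. In addition, `view.find(...)` matches descendants only, so an `on*` attribute on the `view` root itself is left in place. Removing every attribute whose name starts with `on` from the root and its descendants, as sketched below, makes the list unnecessary and replaces one selector query per name with a single pass. This should remain a second line of defence: the HTML sanitiser's attribute allow-list (not visible in this hunk) is the place that ought to reject these attributes first.

```javascript
export function removeDOMEvents (view) {
  // Strip every inline handler attribute, including on the root element,
  // instead of relying on the names this browser exposes on `document`.
  view.find('*').addBack().each(function () {
    const names = Array.from(this.attributes, function (attr) { return attr.name })
    for (const name of names) {
      if (/^on/i.test(name)) this.removeAttribute(name)
    }
  })
}
```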

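--- a/public/js/index.js
+++ b/public/js/index.js
@@ -42,6 +42,7 @@ import {
 deduplicatedHeaderId,
 exportToHTML,
 exportToRawHTML,
+removeDOMEvents,
 finishView,
 generateToc,
 isValidURL,
@@ -3374,6 +3375,7 @@ function updateViewInner () {
 if (result && lastResult && result.length !== lastResult.length) { updateDataAttrs(result, ui.area.markdown.children().toArray()) }
 lastResult = $(result).clone()
 }
+removeDOMEvents(ui.area.markdown)
 finishView(ui.area.markdown)
 autoLinkify(ui.area.markdown)
 deduplicatedHeaderId(ui.area.markdown)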
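Review bot: In `updateViewInner` the new `removeDOMEvents(ui.area.markdown)` call cleans the live view after the rendered markup has been attached to it (the attach step is above this hunk, so this is inferred), which leaves the document holding the handler attributes for a short time; stripping `result` before it is attached would be stricter. The same ordering applies to the `removeDOMEvents(markdown)` call added in `public/js/pretty.js`. Nothing at either call site says the step is security-relevant or order-dependent, so a later refactor could move it below `finishView`; a comment such as `// XSS hardening: strip inline on* handler attributes before any post-processing of the view` would pin that. `updateViewInner` begins and ends outside the hunk.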

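--- a/public/js/pretty.js
+++ b/public/js/pretty.js
@@ -10,6 +10,7 @@ require('highlight.js/styles/github-gist.css')
 import {
 autoLinkify,
 deduplicatedHeaderId,
+removeDOMEvents,
 finishView,
 generateToc,
 md,
@@ -57,6 +58,7 @@ if (md.meta.type && md.meta.type === 'slide') {
 }
 $(document.body).show()
 
+removeDOMEvents(markdown)
 finishView(markdown)
 autoLinkify(markdown)
 deduplicatedHeaderId(markdown)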

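--- a/public/js/slide.js
+++ b/public/js/slide.js
@@ -4,7 +4,7 @@
 require('../css/extra.css')
 require('../css/site.css')
 
-import { md, updateLastChange, finishView } from './extra'
+import { md, updateLastChange, removeDOMEvents, finishView } from './extra'
 
 const body = $('.slides').text()
 
@@ -109,13 +109,15 @@ function renderSlide (event) {
 if (window.location.search.match(/print-pdf/gi)) {
 const slides = $('.slides')
 let title = document.title
+removeDOMEvents(slides)
 finishView(slides)
 document.title = title
 Reveal.layout()
 } else {
 const markdown = $(event.currentSlide)
 if (!markdown.attr('data-rendered')) {
 let title = document.title
+removeDOMEvents(markdown)
 finishView(markdown)
 markdown.attr('data-rendered', 'true')
 document.title = title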
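Review bot: In the `else` branch, `removeDOMEvents(markdown)` runs only for `event.currentSlide` and only while `data-rendered` is unset, so slides that have not been shown yet keep their `on*` attributes in the document. If all slide markup is attached up front (the rendering code is outside this hunk, so this is an assumption), a single `removeDOMEvents($('.slides'))` immediately after the slides are rendered would cover every slide, not just the visible one. `renderSlide` begins and ends outside the hunk.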
