Commit 06920d1e authored by techird

xss protection

parent 35145a18
...@@ -6,8 +6,13 @@ ...@@ -6,8 +6,13 @@
* @author: techird * @author: techird
* @copyright: Baidu FEX, 2014 * @copyright: Baidu FEX, 2014
*/ */
/* global marked: true */
KityMinder.registerUI('ribbon/idea/note', function(minder) { KityMinder.registerUI('ribbon/idea/note', function(minder) {
marked.setOptions({
breaks: true
});
var $attachment = minder.getUI('ribbon/idea/attachment'); var $attachment = minder.getUI('ribbon/idea/attachment');
var $noteButtonMenu = new FUI.ButtonMenu({ var $noteButtonMenu = new FUI.ButtonMenu({
...@@ -58,11 +63,23 @@ KityMinder.registerUI('ribbon/idea/note', function(minder) { ...@@ -58,11 +63,23 @@ KityMinder.registerUI('ribbon/idea/note', function(minder) {
minder.on('uiready', function() { minder.on('uiready', function() {
editor.setSize('100%', '100%'); editor.setSize('100%', '100%');
}) });
var visible = false; var visible = false;
var selectedNode = null; var selectedNode = null;
function axss(value) {
var div = document.createElement('div');
div.innerHTML = value;
$(div).find('script').remove();
for (var name in div) {
if (name.indexOf('on') === 0) {
div.removeAttribute(name);
}
}
return div.innerHTML;
}
function updateEditorView() { function updateEditorView() {
if (noteVisible && selectedNode != minder.getSelectedNode()) { if (noteVisible && selectedNode != minder.getSelectedNode()) {
selectedNode = minder.getSelectedNode(); selectedNode = minder.getSelectedNode();
...@@ -114,7 +131,7 @@ KityMinder.registerUI('ribbon/idea/note', function(minder) { ...@@ -114,7 +131,7 @@ KityMinder.registerUI('ribbon/idea/note', function(minder) {
var b = icon.getRenderBox('screen'); var b = icon.getRenderBox('screen');
var note = node.getData('note'); var note = node.getData('note');
$previewer.html(marked(note)); $previewer.html(marked(axss(note)));
var cw = $('#content-wrapper').width(); var cw = $('#content-wrapper').width();
var ch = $('#content-wrapper').height(); var ch = $('#content-wrapper').height();
...@@ -140,7 +157,7 @@ KityMinder.registerUI('ribbon/idea/note', function(minder) { ...@@ -140,7 +157,7 @@ KityMinder.registerUI('ribbon/idea/note', function(minder) {
function editMode() { function editMode() {
if ($editTab.hasClass(activeTabClass)) return; if ($editTab.hasClass(activeTabClass)) return;
$preview.hide() $preview.hide();
$previewTab.removeClass(activeTabClass); $previewTab.removeClass(activeTabClass);
$editor.show().addClass(activeTabClass); $editor.show().addClass(activeTabClass);
...@@ -152,7 +169,7 @@ KityMinder.registerUI('ribbon/idea/note', function(minder) { ...@@ -152,7 +169,7 @@ KityMinder.registerUI('ribbon/idea/note', function(minder) {
$editor.hide(); $editor.hide();
$editTab.removeClass(activeTabClass); $editTab.removeClass(activeTabClass);
$preview.html(marked(editor.getValue())).show(); $preview.html(marked(axss(editor.getValue()))).show();
$previewTab.addClass(activeTabClass); $previewTab.addClass(activeTabClass);
} }
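Review bot: The attribute loop in `axss` (second hunk) never inspects the parsed content: `for (var name in div)` enumerates the wrapper div's own properties and `div.removeAttribute(name)` runs against that empty wrapper, so `<img src=x onerror=…>` or `<a href="javascript:…">` inside a note survive while only `<script>` elements are dropped. Two further gaps: sanitizing before `marked` leaves whatever marked itself generates unchecked (a markdown link target is not filtered), so the `$previewer.html(...)` and `$preview.html(...)` calls should become `axss(marked(note))` and `axss(marked(editor.getValue()))`; and assigning `innerHTML` on an element of the live document can start fetching referenced resources before anything is removed, so the parse should happen in an inert document. The rewrite below walks every descendant, strips `on*` attributes and `javascript:`/`vbscript:` URLs, and removes the remaining executable or resource-loading elements; if the bundled marked build supports its `sanitize: true` option, enabling it in the `setOptions` call in the first hunk is a simpler alternative, at the cost of escaping all raw HTML rather than filtering it. The enclosing `registerUI` callback starts and ends outside the hunks.
```javascript
function axss(value) {
    // Parse into a detached document so nothing in the note (img, iframe, ...)
    // is fetched or executed while we are still filtering it.
    var doc = document.implementation.createHTMLDocument('');
    var div = doc.createElement('div');
    div.innerHTML = value;
    $(div).find('script, iframe, object, embed, style, link, meta, base').remove();
    $(div).find('*').each(function() {
        var el = this;
        // copy first: removeAttribute mutates the live NamedNodeMap
        var attrs = Array.prototype.slice.call(el.attributes);
        for (var i = 0; i < attrs.length; i++) {
            var name = attrs[i].name.toLowerCase();
            // browsers ignore whitespace/control chars inside the scheme, so drop them before matching
            var val = attrs[i].value.replace(/[\s\u0000-\u001F]/g, '');
            if (name.indexOf('on') === 0) {
                el.removeAttribute(attrs[i].name);
            } else if ((name === 'href' || name === 'src' || name === 'xlink:href' || name === 'action' || name === 'formaction') &&
                       /^(javascript|vbscript):/i.test(val)) {
                el.removeAttribute(attrs[i].name);
            }
        }
    });
    return div.innerHTML;
}
```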