Remove the xss library from webpack

We can load the xss functions directly from the library instead of
loading them through the expose loader of webpack, this should simplify
the setup and maybe even improve speed a bit.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
This commit is contained in:
Sheogorath 2018-11-10 20:24:41 +01:00
parent 4e5e7df4f8
commit c59b94a37b
No known key found for this signature in database
GPG key ID: 1F05CC3635CDDFFD
3 changed files with 7 additions and 10 deletions

View file

@ -1,6 +1,8 @@
/* eslint-env browser, jquery */
/* global filterXSS */
// allow some attributes
var filterXSS = require('xss')
var whiteListAttr = ['id', 'class', 'style']
window.whiteListAttr = whiteListAttr
// allow link starts with '.', '/' and custom protocol with '://', exclude link starts with javascript://
@ -71,5 +73,6 @@ function preventXSS (html) {
window.preventXSS = preventXSS
module.exports = {
preventXSS: preventXSS
preventXSS: preventXSS,
escapeAttrValue: filterXSS.escapeAttrValue
}

View file

@ -1,6 +1,6 @@
/* eslint-env browser, jquery */
import { preventXSS } from './render'
import { preventXSS, escapeAttrValue } from './render'
import { md } from './extra'
/**
@ -259,7 +259,7 @@ import { md } from './extra'
while ((matchesClass = mardownClassRegex.exec(classes))) {
var name = matchesClass[1]
var value = matchesClass[2]
if (name.substr(0, 5) === 'data-' || window.whiteListAttr.indexOf(name) !== -1) { elementTarget.setAttribute(name, window.filterXSS.escapeAttrValue(value)) }
if (name.substr(0, 5) === 'data-' || window.whiteListAttr.indexOf(name) !== -1) { elementTarget.setAttribute(name, escapeAttrValue(value)) }
}
return true
}

View file

@ -202,7 +202,6 @@ module.exports = {
'babel-polyfill',
'script-loader!jquery-ui-resizable',
'script-loader!js-url',
'expose-loader?filterXSS!xss',
'script-loader!Idle.Js',
'expose-loader?LZString!lz-string',
'script-loader!codemirror',
@ -253,7 +252,6 @@ module.exports = {
'script-loader!handlebars',
'expose-loader?hljs!highlight.js',
'expose-loader?emojify!emojify.js',
'expose-loader?filterXSS!xss',
'script-loader!Idle.Js',
'script-loader!gist-embed',
'expose-loader?LZString!lz-string',
@ -273,7 +271,6 @@ module.exports = {
],
pretty: [
'babel-polyfill',
'expose-loader?filterXSS!xss',
'flowchart.js',
'js-sequence-diagrams',
'expose-loader?RevealMarkdown!reveal-markdown',
@ -298,7 +295,6 @@ module.exports = {
'script-loader!handlebars',
'expose-loader?hljs!highlight.js',
'expose-loader?emojify!emojify.js',
'expose-loader?filterXSS!xss',
'script-loader!gist-embed',
'flowchart.js',
'js-sequence-diagrams',
@ -310,7 +306,6 @@ module.exports = {
slide: [
'babel-polyfill',
'bootstrap-tooltip',
'expose-loader?filterXSS!xss',
'flowchart.js',
'js-sequence-diagrams',
'expose-loader?RevealMarkdown!reveal-markdown',
@ -338,7 +333,6 @@ module.exports = {
'script-loader!handlebars',
'expose-loader?hljs!highlight.js',
'expose-loader?emojify!emojify.js',
'expose-loader?filterXSS!xss',
'script-loader!gist-embed',
'flowchart.js',
'js-sequence-diagrams',