From b89a35196a7a0aa5ad25f942b8d7bd4ca392eece Mon Sep 17 00:00:00 2001
From: Max Wu <jackymaxj@gmail.com>
Date: Fri, 28 Dec 2018 16:39:13 +0800
Subject: [PATCH 1/2] Fix to sanitize disqus shortnames to remove slashes
 [Security Issue]

Signed-off-by: Max Wu <jackymaxj@gmail.com>
---
 public/views/shared/disqus.ejs | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/public/views/shared/disqus.ejs b/public/views/shared/disqus.ejs
index 840d1e3..2311d3f 100644
--- a/public/views/shared/disqus.ejs
+++ b/public/views/shared/disqus.ejs
@@ -5,7 +5,7 @@ var disqus_config = function () {
 };
 (function() {
     var d = document, s = d.createElement('script');
-    s.src = 'https://<%= disqus %>.disqus.com/embed.js';
+    s.src = 'https://<%= disqus.replace(/[^A-Za-z0-9]+/g, '') %>.disqus.com/embed.js';
     s.setAttribute('data-timestamp', +new Date());
     (d.head || d.body).appendChild(s);
 })();

From 067cfe2d1eedc5a58e5548785858e38fbaa0e84b Mon Sep 17 00:00:00 2001
From: Max Wu <jackymaxj@gmail.com>
Date: Fri, 28 Dec 2018 16:42:55 +0800
Subject: [PATCH 2/2] Fix to escape html comment tag [Security Issue]

Signed-off-by: Max Wu <jackymaxj@gmail.com>
---
 public/js/render.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/public/js/render.js b/public/js/render.js
index ff5e2bf..87e5cfd 100644
--- a/public/js/render.js
+++ b/public/js/render.js
@@ -45,7 +45,7 @@ var filterXSSOptions = {
     // allow comment tag
     if (tag === '!--') {
             // do not filter its attributes
-      return html
+      return html.replace(/<(?!!--)/g, '&lt;').replace(/-->/g, '__HTML_COMMENT_END__').replace(/>/g, '&gt;').replace(/__HTML_COMMENT_END__/g, '-->')
     }
   },
   onTagAttr: function (tag, name, value, isWhiteAttr) {