Fix rendering might result XSS attribute on self closing tag [Security Issue]

This commit is contained in:
Wu Cheng-Han 2017-03-14 16:27:55 +08:00
parent edb1b4aa0a
commit f491cdabc1
4 changed files with 20 additions and 1 deletions

View file

@ -551,6 +551,19 @@ export function postProcess (code) {
} }
window.postProcess = postProcess window.postProcess = postProcess
var domevents = Object.getOwnPropertyNames(document).concat(Object.getOwnPropertyNames(Object.getPrototypeOf(Object.getPrototypeOf(document)))).concat(Object.getOwnPropertyNames(Object.getPrototypeOf(window))).filter(function (i) {
return !i.indexOf('on') && (document[i] === null || typeof document[i] === 'function')
}).filter(function (elem, pos, self) {
return self.indexOf(elem) === pos
})
export function removeDOMEvents (view) {
for (var i = 0, l = domevents.length; i < l; i++) {
view.find('[' + domevents[i] + ']').removeAttr(domevents[i])
}
}
window.removeDOMEvents = removeDOMEvents
function generateCleanHTML (view) { function generateCleanHTML (view) {
const src = view.clone() const src = view.clone()
const eles = src.find('*') const eles = src.find('*')

View file

@ -42,6 +42,7 @@ import {
deduplicatedHeaderId, deduplicatedHeaderId,
exportToHTML, exportToHTML,
exportToRawHTML, exportToRawHTML,
removeDOMEvents,
finishView, finishView,
generateToc, generateToc,
isValidURL, isValidURL,
@ -3374,6 +3375,7 @@ function updateViewInner () {
if (result && lastResult && result.length !== lastResult.length) { updateDataAttrs(result, ui.area.markdown.children().toArray()) } if (result && lastResult && result.length !== lastResult.length) { updateDataAttrs(result, ui.area.markdown.children().toArray()) }
lastResult = $(result).clone() lastResult = $(result).clone()
} }
removeDOMEvents(ui.area.markdown)
finishView(ui.area.markdown) finishView(ui.area.markdown)
autoLinkify(ui.area.markdown) autoLinkify(ui.area.markdown)
deduplicatedHeaderId(ui.area.markdown) deduplicatedHeaderId(ui.area.markdown)

View file

@ -10,6 +10,7 @@ require('highlight.js/styles/github-gist.css')
import { import {
autoLinkify, autoLinkify,
deduplicatedHeaderId, deduplicatedHeaderId,
removeDOMEvents,
finishView, finishView,
generateToc, generateToc,
md, md,
@ -57,6 +58,7 @@ if (md.meta.type && md.meta.type === 'slide') {
} }
$(document.body).show() $(document.body).show()
removeDOMEvents(markdown)
finishView(markdown) finishView(markdown)
autoLinkify(markdown) autoLinkify(markdown)
deduplicatedHeaderId(markdown) deduplicatedHeaderId(markdown)

View file

@ -4,7 +4,7 @@
require('../css/extra.css') require('../css/extra.css')
require('../css/site.css') require('../css/site.css')
import { md, updateLastChange, finishView } from './extra' import { md, updateLastChange, removeDOMEvents, finishView } from './extra'
const body = $('.slides').text() const body = $('.slides').text()
@ -109,6 +109,7 @@ function renderSlide (event) {
if (window.location.search.match(/print-pdf/gi)) { if (window.location.search.match(/print-pdf/gi)) {
const slides = $('.slides') const slides = $('.slides')
let title = document.title let title = document.title
removeDOMEvents(slides)
finishView(slides) finishView(slides)
document.title = title document.title = title
Reveal.layout() Reveal.layout()
@ -116,6 +117,7 @@ function renderSlide (event) {
const markdown = $(event.currentSlide) const markdown = $(event.currentSlide)
if (!markdown.attr('data-rendered')) { if (!markdown.attr('data-rendered')) {
let title = document.title let title = document.title
removeDOMEvents(markdown)
finishView(markdown) finishView(markdown)
markdown.attr('data-rendered', 'true') markdown.attr('data-rendered', 'true')
document.title = title document.title = title