xss protection
techird committed Nov 17, 2014
1 parent 35145a1 commit 06920d1
Showing 1 changed file with 21 additions and 4 deletions.
25 changes: 21 additions & 4 deletions ui/ribbon/idea/note.js
Expand Up @@ -6,8 +6,13 @@
* @author: techird
* @copyright: Baidu FEX, 2014
*/
/* global marked: true */
KityMinder.registerUI('ribbon/idea/note', function(minder) {

marked.setOptions({
breaks: true
});

var $attachment = minder.getUI('ribbon/idea/attachment');

var $noteButtonMenu = new FUI.ButtonMenu({
Expand Down Expand Up @@ -58,11 +63,23 @@ KityMinder.registerUI('ribbon/idea/note', function(minder) {

minder.on('uiready', function() {
editor.setSize('100%', '100%');
})
});

var visible = false;
var selectedNode = null;

function axss(value) {
var div = document.createElement('div');
div.innerHTML = value;
$(div).find('script').remove();
for (var name in div) {
if (name.indexOf('on') === 0) {
div.removeAttribute(name);
}
}
return div.innerHTML;
}

function updateEditorView() {
if (noteVisible && selectedNode != minder.getSelectedNode()) {
selectedNode = minder.getSelectedNode();
Expand Down Expand Up @@ -114,7 +131,7 @@ KityMinder.registerUI('ribbon/idea/note', function(minder) {
var b = icon.getRenderBox('screen');
var note = node.getData('note');

$previewer.html(marked(note));
$previewer.html(marked(axss(note)));

var cw = $('#content-wrapper').width();
var ch = $('#content-wrapper').height();
Expand All @@ -140,7 +157,7 @@ KityMinder.registerUI('ribbon/idea/note', function(minder) {

function editMode() {
if ($editTab.hasClass(activeTabClass)) return;
$preview.hide()
$preview.hide();
$previewTab.removeClass(activeTabClass);

$editor.show().addClass(activeTabClass);
Expand All @@ -152,7 +169,7 @@ KityMinder.registerUI('ribbon/idea/note', function(minder) {

$editor.hide();
$editTab.removeClass(activeTabClass);
$preview.html(marked(editor.getValue())).show();
$preview.html(marked(axss(editor.getValue()))).show();
$previewTab.addClass(activeTabClass);
}

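Review bot: `axss` (second hunk) never touches the attributes of the parsed content: `for (var name in div)` enumerates the wrapper element's properties, and `div.removeAttribute(name)` is applied to the wrapper itself, which carries no attributes, so every child element keeps its inline event-handler and URL attributes and only `<script>` elements are actually removed. Parsing untrusted markup via `innerHTML` on a freshly created element can also trigger subresource loads and their handlers before the filter runs, so a blocklist applied after parsing is the wrong shape for this check. The filtered string is then handed to `marked`, which by default passes raw HTML and link targets through unchanged, so the sanitization belongs on the rendered output, not the input; since this commit already calls `marked.setOptions`, the smallest fix is `marked.setOptions({ breaks: true, sanitize: true });` and dropping the `axss()` wrappers at the two call sites in the later hunks, or otherwise filtering all descendants against an element/attribute allowlist. The enclosing `KityMinder.registerUI` callback begins and ends outside the hunks.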
