File tree 1 file changed +18
-0
lines changed
1 file changed +18
-0
lines changed Original file line number Diff line number Diff line change 2323 var markdownString = $ ( this ) . text ( ) ;
2424
2525 var contentHtml = marked ( markdownString ) ;
26+
27+ // JS 处理,避免 XSS。最终还是改为服务端渲染更好
28+ if ( contentHtml . indexOf ( '<script' ) != - 1 ) {
29+ contentHtml = contentHtml . replace ( / < s c r i p t / g, '<script' ) ;
30+ }
31+ if ( contentHtml . indexOf ( '<form' ) != - 1 ) {
32+ contentHtml = contentHtml . replace ( / < f o r m / g, '<form' ) ;
33+ }
34+ if ( contentHtml . indexOf ( '<input' ) != - 1 ) {
35+ contentHtml = contentHtml . replace ( / < i n p u t / g, '<input' ) ;
36+ }
37+ if ( contentHtml . indexOf ( '<select' ) != - 1 ) {
38+ contentHtml = contentHtml . replace ( / < s e l e c t / g, '<select' ) ;
39+ }
40+ if ( contentHtml . indexOf ( '<textarea' ) != - 1 ) {
41+ contentHtml = contentHtml . replace ( / < t e x t a r e a / g, '<textarea' ) ;
42+ }
43+
2644 contentHtml = SG . replaceCodeChar ( contentHtml ) ;
2745
2846 $ ( this ) . html ( contentHtml ) ;
You can’t perform that action at this time.
0 commit comments