Use angular's $sanitize to prevent XSS

Addresses https://github.com/showdownjs/showdown/issues/70 at least within angular.
Warren Konkel 2015-04-21 23:53:33 -07:00
parent eca8386dbb
commit 2b2eb972dd


@ -10,7 +10,7 @@ if (typeof angular !== 'undefined' && typeof Showdown !== 'undefined') {
module module
.provider('$Showdown', provider) .provider('$Showdown', provider)
.directive('sdModelToHtml', ['$Showdown', markdownToHtmlDirective]) .directive('sdModelToHtml', ['$Showdown', '$sanitize', markdownToHtmlDirective])
.filter('sdStripHtml', stripHtmlFilter); .filter('sdStripHtml', stripHtmlFilter);
/** /**
@ -106,13 +106,13 @@ if (typeof angular !== 'undefined' && typeof Showdown !== 'undefined') {
* @param $Showdown * @param $Showdown
* @returns {*} * @returns {*}
*/ */
function markdownToHtmlDirective($Showdown) { function markdownToHtmlDirective($Showdown, $sanitize) {
var link = function (scope, element) { var link = function (scope, element) {
scope.$watch('model', function (newValue) { scope.$watch('model', function (newValue) {
var val; var val;
if (typeof newValue === 'string') { if (typeof newValue === 'string') {
val = $Showdown.makeHtml(newValue); val = $sanitize($Showdown.makeHtml(newValue));
} else { } else {
val = typeof newValue; val = typeof newValue;
} }
@ -140,7 +140,7 @@ if (typeof angular !== 'undefined' && typeof Showdown !== 'undefined') {
}; };
} }
})(angular.module('Showdown', []), Showdown); })(angular.module('Showdown', ['ngSanitize']), Showdown);
} else { } else {