Use angular's $sanitize to prevent XSS

Addresses https://github.com/showdownjs/showdown/issues/70 at least within angular.
Warren Konkel 2015-04-21 23:53:33 -07:00
parent eca8386dbb
commit 2b2eb972dd


@ -10,7 +10,7 @@ if (typeof angular !== 'undefined' && typeof Showdown !== 'undefined') {
module
.provider('$Showdown', provider)
.directive('sdModelToHtml', ['$Showdown', markdownToHtmlDirective])
.directive('sdModelToHtml', ['$Showdown', '$sanitize', markdownToHtmlDirective])
.filter('sdStripHtml', stripHtmlFilter);
/**
@ -106,13 +106,13 @@ if (typeof angular !== 'undefined' && typeof Showdown !== 'undefined') {
* @param $Showdown
* @returns {*}
*/
function markdownToHtmlDirective($Showdown) {
function markdownToHtmlDirective($Showdown, $sanitize) {
var link = function (scope, element) {
scope.$watch('model', function (newValue) {
var val;
if (typeof newValue === 'string') {
val = $Showdown.makeHtml(newValue);
val = $sanitize($Showdown.makeHtml(newValue));
} else {
val = typeof newValue;
}
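Review bot: `$sanitize` is applied only inside the `scope.$watch` callback of `markdownToHtmlDirective`, so the fix covers the `sdModelToHtml` directive and nothing else. Code that calls `$Showdown.makeHtml(...)` directly and inserts the result into the DOM still gets unsanitized HTML; the provider is outside the visible hunks, so confirm this and document that direct callers must sanitize themselves. The last hunk also makes `ngSanitize` a hard dependency of the `Showdown` module, so an app that does not load angular-sanitize will presumably fail when the module is instantiated, and that requirement belongs in the README. The JSDoc above the directive still lists only `$Showdown`; add `* @param $sanitize ngSanitize service applied to the HTML produced by Showdown`. The directive body continues past this hunk, so how `val` reaches the element is not visible here.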
@ -140,7 +140,7 @@ if (typeof angular !== 'undefined' && typeof Showdown !== 'undefined') {
};
}
})(angular.module('Showdown', []), Showdown);
})(angular.module('Showdown', ['ngSanitize']), Showdown);
} else {