tcms/static/js/simplemde_security_override.js - Code Metrics - Inspection of "Make messages for new translations" - kiwitcms/Kiwi - Measure and Improve Code Quality continuously with Scrutinizer

Passed

Push — master ( cddcf6...1d3855 )

by Alexander

created 2019-05-14 20:25 UTC

tcms/static/js/simplemde_security_override.js A

↳ Parent: Project

Complexity

Total Complexity	9
Complexity/F	4.5

Size

Lines of Code	19
Function Count	2

Duplication

Duplicated Lines	0
Ratio	0 %

Importance

Changes	2
Bugs	0	Features	0

Metric	Value
wmc	9
eloc	11
dl	0
loc	19
rs	10
c	2
b	0
f	0
cc	0
nc	12
mnd	1
bc	5
fnc	2
bpm	2.5
cpm	4.5
noi	2

/*
    Override markdown rendering defaults for Simple MDE.

    This resolves XSS vulnerability which can be exploited
    when previewing malicious text in the editor.

    https://github.com/sparksuite/simplemde-markdown-editor/issues/721
    https://snyk.io/vuln/SNYK-JS-SIMPLEMDE-72570
*/

SimpleMDE.prototype.markdown = function(text) {

    var markedOptions = { sanitize: true };

    if(this.options && this.options.renderingConfig && this.options.renderingConfig.singleLineBreaks === false) {
        markedOptions.breaks = false;
    } else {
        markedOptions.breaks = true;
    }

    if(this.options && this.options.renderingConfig && this.options.renderingConfig.codeSyntaxHighlighting === true && window.hljs) {
        markedOptions.highlight = function(code) {
            return window.hljs.highlightAuto(code).value;
        };
    }

    marked.setOptions(markedOptions);


    return marked(text);
}


1			/*
2			Override markdown rendering defaults for Simple MDE.
3
4			This resolves XSS vulnerability which can be exploited
5			when previewing malicious text in the editor.
6
7			https://github.com/sparksuite/simplemde-markdown-editor/issues/721
8			https://snyk.io/vuln/SNYK-JS-SIMPLEMDE-72570
9			*/
10
11			SimpleMDE.prototype.markdown = function(text) {
			0 ignored issues – show Bug introduced 2019-01-20 14:56 UTC by Report Bug Copy Issue Report The variable `SimpleMDE` seems to be never declared. If this is a global, consider adding a `/** global: SimpleMDE */` comment. This checks looks for references to variables that have not been declared. This is most likey a typographical error or a variable has been renamed. To learn more about declaring variables in Javascript, see the MDN. Loading history...
12			var markedOptions = { sanitize: true };
13
14			if(this.options && this.options.renderingConfig && this.options.renderingConfig.singleLineBreaks === false) {
15			markedOptions.breaks = false;
16			} else {
17			markedOptions.breaks = true;
18			}
19
20			if(this.options && this.options.renderingConfig && this.options.renderingConfig.codeSyntaxHighlighting === true && window.hljs) {
21			markedOptions.highlight = function(code) {
22			return window.hljs.highlightAuto(code).value;
23			};
24			}
25
26			marked.setOptions(markedOptions);
			0 ignored issues – show Bug introduced 2019-01-20 14:56 UTC by Report Bug Copy Issue Report The variable `marked` seems to be never declared. If this is a global, consider adding a `/** global: marked */` comment. This checks looks for references to variables that have not been declared. This is most likey a typographical error or a variable has been renamed. To learn more about declaring variables in Javascript, see the MDN. Loading history...
27
28			return marked(text);
29			}
30

kiwitcms / Kiwi

Push — master ( cddcf6...1d3855 )

tcms/static/js/simplemde_security_override.js A

Complexity

Size

Duplication

Importance

Duplication Side-by-Side

Filter issues like