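/*
  Override markdown rendering defaults for Simple MDE.

  This resolves an XSS vulnerability that can be exploited
  when previewing malicious text in the editor.

  https://github.com/sparksuite/simplemde-markdown-editor/issues/721
  https://snyk.io/vuln/SNYK-JS-SIMPLEMDE-72570
*/

/* global SimpleMDE, marked */

/**
 * Render markdown source to an HTML string for the editor preview, with
 * marked's `sanitize` option always enabled.
 *
 * Security notes:
 * - `sanitize: true` is the only control in this function that keeps raw HTML
 *   in `text` from reaching the preview. The option was deprecated in later
 *   marked releases and eventually removed, and an unknown option is ignored
 *   without an error. NOTE(review): confirm the marked build loaded next to
 *   this override still honours `sanitize`; if marked is upgraded, sanitize
 *   the returned HTML with a dedicated HTML sanitizer before it is inserted
 *   into the DOM.
 * - `marked.setOptions` changes marked's shared defaults, so these settings
 *   also apply to any other code on the page that calls `marked`. Options
 *   not assigned here are left as they were.
 *
 * @param {string} text - Markdown source taken from the editor.
 * @returns {string} HTML produced by `marked(text)`.
 */
SimpleMDE.prototype.markdown = function(text) {
  // Fall back to an empty config so the checks below need no repeated guards.
  var renderingConfig = (this.options && this.options.renderingConfig) || {};

  var markedOptions = {
    // Must stay on: this is the XSS fix described in the header comment.
    sanitize: true,
    // Single line breaks render as <br> unless explicitly disabled.
    breaks: renderingConfig.singleLineBreaks !== false
  };

  // Syntax highlighting is opt-in and needs highlight.js on the page.
  if (renderingConfig.codeSyntaxHighlighting === true && window.hljs) {
    // The markup returned here is handed to marked as the code block's
    // content. NOTE(review): this relies on highlight.js escaping the code
    // it is given — verify for the version in use.
    markedOptions.highlight = function(code) {
      return window.hljs.highlightAuto(code).value;
    };
  }

  marked.setOptions(markedOptions);

  return marked(text);
}; // explicit terminator: the script stays safe when concatenated with others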
||