Push — master ( cddcf6...1d3855 )
by Alexander

tcms/static/js/simplemde_security_override.js (2 issues)

/*
    Override markdown rendering defaults for Simple MDE.
    This resolves an XSS vulnerability which can be exploited
    when previewing malicious text in the editor.
    https://github.com/sparksuite/simplemde-markdown-editor/issues/721
    https://snyk.io/vuln/SNYK-JS-SIMPLEMDE-72570
*/
/*
    Render editor text to HTML through marked with sanitisation forced on.

    `sanitize: true` asks marked to escape raw HTML found in the source,
    which is what closes the preview XSS described in the header comment.
    `breaks` follows the editor's renderingConfig.singleLineBreaks setting
    (defaulting to true), and a highlight callback is wired to window.hljs
    only when codeSyntaxHighlighting is explicitly enabled and hljs is loaded.

    NOTE(review): marked's built-in `sanitize` option has been deprecated
    upstream in favour of running the output through an external sanitiser —
    confirm the marked version bundled with this project still honours it.

    NOTE: marked.setOptions() mutates marked's global defaults, so every
    later marked() call on the page inherits these settings too.

    @param {string} text - Markdown source to render.
    @returns {string} HTML produced by marked.
*/
SimpleMDE.prototype.markdown = function(text) {
    var renderingConfig = this.options && this.options.renderingConfig;
    var options = { sanitize: true };

    // Single line breaks are honoured unless the editor explicitly opts out.
    options.breaks = !(renderingConfig && renderingConfig.singleLineBreaks === false);

    if (renderingConfig && renderingConfig.codeSyntaxHighlighting === true && window.hljs) {
        // hljs escapes its output, so the highlighted markup is safe to embed.
        options.highlight = function(code) {
            return window.hljs.highlightAuto(code).value;
        };
    }

    marked.setOptions(options);
    return marked(text);
};