Use xss.js to sanitize HTML mixed with Markdown. Closes #125.
sizzlemctwizzle committed Jun 2, 2014
1 parent 485e3fd commit e66d374
Showing 2 changed files with 4 additions and 2 deletions.
5 changes: 3 additions & 2 deletions libs/markdown.js
@@ -1,5 +1,6 @@
var marked = require('marked');
var hljs = require('highlight.js');
var xss = require('simple-xss');
var renderer = new marked.Renderer();

// Automatically generate an anchor for each header
@@ -29,11 +30,11 @@ marked.setOptions({
tables: true,
breaks: true,
pedantic: false,
sanitize: true,
sanitize: false, // we use xss to sanitize HTML
smartLists: true,
smartypants: false
});

exports.renderMd = function (text) {
return marked(text);
return marked(xss(text));
};
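Review bot: In `renderMd`, `marked(xss(text))` filters the Markdown source rather than the HTML that reaches the browser, and the same section sets `sanitize: false`, so nothing inspects marked's own output. Markup that marked generates after the filter has run, such as link and image URLs taken from Markdown syntax, is never checked against the sanitizer's allow-list. Sanitizing the rendered result instead, `return xss(marked(text));`, puts the filter at the trust boundary; the allow-list would then presumably need to permit the header anchors and highlight.js markup the renderer emits. A comment above the call such as `// sanitize the final HTML, not the Markdown input` would record the intended order. The `marked.setOptions` call begins outside the hunk, so its renderer and highlight settings are not visible here.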
1 change: 1 addition & 0 deletions package.json
@@ -14,6 +14,7 @@
"async": "*",
"aws-sdk": "*",
"toobusy-js": "*",
"simple-xss": "*",
"passport": "*",
"passport-github": "*",
"passport-amazon": "*",
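Review bot: `"simple-xss": "*"` lets every install resolve to whatever release is newest, which for the module now acting as the only HTML filter means its allow-list and escaping behaviour can change without any change in this repository. The neighbouring entries follow the same wildcard convention, but this dependency is security-critical, so pinning it to the release that was actually reviewed, `"simple-xss": "<REVIEWED_VERSION>"`, would make upgrades a deliberate, reviewable step. If the project has no lockfile or shrinkwrap file, which cannot be told from this page, adding one would give the same guarantee for the transitive dependencies.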