author | Olivier Paroz <github@oparoz.com> | 2015-09-08 03:28:13 +0300 |
---|---|---|
committer | Olivier Paroz <github@oparoz.com> | 2015-09-24 11:18:45 +0300 |
commit | 957419d7f0c6eb7417d34ce1bd245505c1326651 (patch) | |
tree | f143dbcc1125777eb56da48fdade7bee6b23f9a2 /js/galleryinfobox.js | |
parent | 3bef2d74c452ed3b673f0ac6c61c5714525856aa (diff) |
Sanitize gallery.cnf even more using DOMPurify
Diffstat (limited to 'js/galleryinfobox.js')
-rw-r--r-- | js/galleryinfobox.js | 16 |
1 files changed, 8 insertions, 8 deletions
diff --git a/js/galleryinfobox.js b/js/galleryinfobox.js
index b4712237..cb192cfb 100644
--- a/js/galleryinfobox.js
+++ b/js/galleryinfobox.js
@@ -1,4 +1,4 @@
-/* global Gallery, marked */
+/* global Gallery, marked, DOMPurify */
 (function ($, t, Gallery) {
 "use strict";
 /**
@@ -41,9 +41,9 @@
 thisInfoBox._addContent(data);
 }
 ).fail(function () {
- thisInfoBox._addContent(t('gallery',
- 'Could not load the description'));
- });
+ thisInfoBox._addContent(t('gallery',
+ 'Could not load the description'));
+ });
 } else {
 this._addContent(this.albumInfo.description);
 }
@@ -63,10 +63,10 @@
 */
 _addContent: function (content) {
 try {
- content = marked(content, {
+ content = DOMPurify.sanitize(marked(content, {
 gfm: false,
 sanitize: true
- });
+ }));
 } catch (exception) {
 content = t('gallery',
 'Could not load the description: ' + exception.message);
@@ -104,10 +104,10 @@
 if (!$.isEmptyObject(this.albumInfo.copyright)) {
 try {
- copyright = marked(this.albumInfo.copyright, {
+ copyright = DOMPurify.sanitize(marked(this.albumInfo.copyright, {
 gfm: false,
 sanitize: true
- });
+ }));
 } catch (exception) {
 copyright = t('gallery', |
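Review bot: In `_addContent`, the fallback assigned in the `catch` branch never passes through `DOMPurify.sanitize`, because the call sits inside the `try`; the string built from `exception.message` is the one value that leaves this block unsanitized. How `content` is inserted into the page is outside the hunk, so if that is an HTML sink, sanitize once for both paths: keep `content = marked(content, {gfm: false, sanitize: true});` in the `try` and add `content = DOMPurify.sanitize(content);` after the `catch` block. The copyright hunk at -104 has the same shape and would take the same change. `_addContent` continues past the end of the hunk.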