
github.com/nextcloud/gallery.git - Unnamed repository; edit this file 'description' to name the repository.
Diffstat (limited to 'js')
-rw-r--r--js/bower.json6
-rw-r--r--js/galleryinfobox.js16
2 files changed, 12 insertions, 10 deletions
diff --git a/js/bower.json b/js/bower.json
index 1f67648e..5e7e3193 100644
--- a/js/bower.json
+++ b/js/bower.json
@@ -2,7 +2,8 @@
"name": "gallery",
"homepage": "https://github.com/owncloud/gallery",
"authors": [
- "Olivier Paroz <owncloud@interfasys.ch>"
+ "Olivier Paroz <owncloud@interfasys.ch>",
+ "Robin Appelman <icewind@owncloud.com>"
],
"description": "Media gallery for ownCloud which includes previews for all media types supported by your ownCloud installation.",
"license": "AGPL",
@@ -17,6 +18,7 @@
"dependencies": {
"eventsource-polyfill": "~0.*",
"marked": "~0.*",
- "github-markdown-css": "~2.*"
+ "github-markdown-css": "~2.*",
+ "dompurify": "~0.6.5"
}
}
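Review bot: `"dompurify": "~0.6.5"` makes this package the XSS control for album descriptions, but the tilde range confines it to 0.6.x patch releases, so sanitizer-bypass fixes published in later release lines will not arrive through a routine `bower update`. Since bower.json cannot carry a comment, the release notes or dependency-review checklist should state that this range has to be revisited whenever DOMPurify ships a security release. `marked`, the other half of the rendering pipeline, resolves with the much looser `~0.*` two lines above, so the parser and the sanitizer will drift at different rates unless both are reviewed together.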
diff --git a/js/galleryinfobox.js b/js/galleryinfobox.js
index b4712237..cb192cfb 100644
--- a/js/galleryinfobox.js
+++ b/js/galleryinfobox.js
@@ -1,4 +1,4 @@
-/* global Gallery, marked */
+/* global Gallery, marked, DOMPurify */
(function ($, t, Gallery) {
"use strict";
/**
@@ -41,9 +41,9 @@
thisInfoBox._addContent(data);
}
).fail(function () {
- thisInfoBox._addContent(t('gallery',
- 'Could not load the description'));
- });
+ thisInfoBox._addContent(t('gallery',
+ 'Could not load the description'));
+ });
} else {
this._addContent(this.albumInfo.description);
}
@@ -63,10 +63,10 @@
*/
_addContent: function (content) {
try {
- content = marked(content, {
+ content = DOMPurify.sanitize(marked(content, {
gfm: false,
sanitize: true
- });
+ }));
} catch (exception) {
content = t('gallery',
'Could not load the description: ' + exception.message);
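Review bot: The `catch` branch right after the new `DOMPurify.sanitize(...)` call is not covered by the sanitizer. `content` is rebuilt there from `exception.message` and never sanitized, so if the code after this hunk inserts `content` as HTML (not visible here), the error path still carries unsanitized dynamic text. Keeping the fallback static closes that gap and also gives `t()` a constant key to translate: `content = t('gallery', 'Could not load the description');`. A missing `DOMPurify` global raises a ReferenceError that lands in this same branch, so the description is dropped rather than rendered unsanitized; a short comment saying that this fail-closed behaviour is intended would help. The copyright hunk below appears to follow the same pattern, and `_addContent` continues outside this hunk.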
@@ -104,10 +104,10 @@
if (!$.isEmptyObject(this.albumInfo.copyright)) {
try {
- copyright = marked(this.albumInfo.copyright, {
+ copyright = DOMPurify.sanitize(marked(this.albumInfo.copyright, {
gfm: false,
sanitize: true
- });
+ }));
} catch (exception) {
copyright =
t('gallery',