fix: HTML + mustache interpolations not escaped properly

This commit is contained in:
NGPixel 2017-06-01 20:15:02 -04:00
parent f1a516da03
commit 4632330d7c
5 changed files with 21 additions and 21 deletions

View File

@ -25,10 +25,10 @@ var mkdown = md({
try {
return '<pre class="hljs"><code>' + hljs.highlight(lang, str, true).value + '</code></pre>'
} catch (err) {
return '<pre><code>' + str + '</code></pre>'
return '<pre><code>' + _.escape(str) + '</code></pre>'
}
}
return '<pre><code>' + str + '</code></pre>'
return '<pre><code>' + _.escape(str) + '</code></pre>'
}
})
.use(mdEmoji)

View File

@ -17,25 +17,26 @@
},
"nav": {
"account": "Account",
"settings": "Settings",
"allpages": "All Pages",
"create": "Create",
"discard": "Discard",
"edit": "Edit",
"history": "History",
"home": "Home",
"login": "Login",
"logout": "Logout",
"move": "Move",
"myprofile": "My Profile",
"normalview": "Normal View",
"savechanges": "Save Changes",
"savedocument": "Save Document",
"settings": "Settings",
"source": "Source",
"stats": "Stats",
"syssettings": "System Settings",
"theme": "Color Theme",
"users": "Users",
"logout": "Logout",
"create": "Create",
"edit": "Edit",
"history": "History",
"source": "Source",
"move": "Move",
"allpages": "All Pages",
"login": "Login",
"normalview": "Normal View",
"viewlatest": "View Latest",
"discard": "Discard",
"savechanges": "Save Changes",
"savedocument": "Save Document"
"viewlatest": "View Latest"
},
"welcome": {
"title": "Welcome to your wiki!",

View File

@ -16,7 +16,7 @@ block rootNavRight
block content
editor(inline-template, current-path=pageData.meta.path, v-cloak)
.editor-area
textarea(ref='editorTextArea')= pageData.markdown
textarea(ref='editorTextArea', v-pre)= pageData.markdown
editor-video
editor-codeblock

View File

@ -16,7 +16,7 @@ block rootNavRight
block content
editor(inline-template, current-path=pageData.meta.path, v-cloak)
.editor-area
textarea(ref='editorTextArea')= pageData.markdown
textarea(ref='editorTextArea', v-pre)= pageData.markdown
editor-video
editor-codeblock

View File

@ -73,12 +73,11 @@ block content
+tocMenu(pageData.tree)
.column
.hero
h1.title#title= pageData.meta.title
if pageData.meta.subtitle
h2.subtitle= pageData.meta.subtitle
.content.mkcontent
.content.mkcontent(v-pre)
!= pageData.html
modal-create-page(basepath=pageData.meta.path)