fix XSS bug

2025-12-13 01:36:22 +00:00 · 2018-09-15 15:24:59 +02:00
parent 7af77384e7
commit b03c2a1f80
2 changed files with 2 additions and 2 deletions
--- a/browser/lib/markdown-it-fence.js
+++ b/browser/lib/markdown-it-fence.js
@@ -120,7 +120,7 @@ module.exports = function (md, renderers, defaultRenderer) {
    alt: ['paragraph', 'reference', 'blockquote', 'list']
  })

-  for (let name in renderers) {
+  for (const name in renderers) {
    md.renderer.rules[`${name}_fence`] = (tokens, index) => renderers[name](tokens[index])
  }

--- a/browser/lib/markdown-it-sanitize-html.js
+++ b/browser/lib/markdown-it-sanitize-html.js
@@ -14,7 +14,7 @@ module.exports = function sanitizePlugin (md, options) {
          options
        )
      }
-      if (state.tokens[tokenIdx].type === 'fence') {
+      if (state.tokens[tokenIdx].type === '_fence') {
        // escapeHtmlCharacters has better performance
        state.tokens[tokenIdx].content = escapeHtmlCharacters(
          state.tokens[tokenIdx].content,