[scripts/markdown2htmldoc] fix an XSS when plain text is rendered in a code block

This commit is contained in:
Dmytro Meleshko 2020-09-06 19:07:36 +03:00
parent 0442601626
commit df59241a57

View file

@ -6,9 +6,9 @@ const markdownIt = require('markdown-it');
const markdownItTaskCheckbox = require('markdown-it-task-checkbox');
const markdownItEmoji = require('markdown-it-emoji');
const markdownItHeaderAnchors = require('./markdown-it-header-anchors');
const Prism = require('prismjs');
const PRISM_COMPONENTS = require('prismjs/components.js');
const Prism = require('prismjs/components/prism-core');
const loadPrismLanguages = require('prismjs/components/');
const PRISM_COMPONENTS = require('prismjs/components.js');
// TODO: integrate <https://github.com/PrismJS/prism-themes>
const PRISM_THEMES = Object.keys(PRISM_COMPONENTS.themes).filter(
@ -54,14 +54,14 @@ let args = parser.parseArgs();
let md = markdownIt({
html: true,
linkify: true,
highlight: (str, lang) => {
if (lang.length > 0) {
highlight: (code, lang) => {
if (lang) {
loadPrismLanguages([lang]);
if (Object.prototype.hasOwnProperty.call(Prism.languages, lang)) {
return Prism.highlight(str, Prism.languages[lang], lang);
return Prism.highlight(code, Prism.languages[lang], lang);
}
}
return str;
return null;
},
});
md.use(markdownItTaskCheckbox);