[scripts/markdown2htmldoc] fix an XSS when plain text is rendered in a code block

Dmytro Meleshko 2020-09-06 19:07:36 +03:00
parent 0442601626
commit df59241a57


@ -6,9 +6,9 @@ const markdownIt = require('markdown-it');
const markdownItTaskCheckbox = require('markdown-it-task-checkbox'); const markdownItTaskCheckbox = require('markdown-it-task-checkbox');
const markdownItEmoji = require('markdown-it-emoji'); const markdownItEmoji = require('markdown-it-emoji');
const markdownItHeaderAnchors = require('./markdown-it-header-anchors'); const markdownItHeaderAnchors = require('./markdown-it-header-anchors');
const Prism = require('prismjs'); const Prism = require('prismjs/components/prism-core');
const PRISM_COMPONENTS = require('prismjs/components.js');
const loadPrismLanguages = require('prismjs/components/'); const loadPrismLanguages = require('prismjs/components/');
const PRISM_COMPONENTS = require('prismjs/components.js');
// TODO: integrate <https://github.com/PrismJS/prism-themes> // TODO: integrate <https://github.com/PrismJS/prism-themes>
const PRISM_THEMES = Object.keys(PRISM_COMPONENTS.themes).filter( const PRISM_THEMES = Object.keys(PRISM_COMPONENTS.themes).filter(
@ -54,14 +54,14 @@ let args = parser.parseArgs();
let md = markdownIt({ let md = markdownIt({
html: true, html: true,
linkify: true, linkify: true,
highlight: (str, lang) => { highlight: (code, lang) => {
if (lang.length > 0) { if (lang) {
loadPrismLanguages([lang]); loadPrismLanguages([lang]);
if (Object.prototype.hasOwnProperty.call(Prism.languages, lang)) { if (Object.prototype.hasOwnProperty.call(Prism.languages, lang)) {
return Prism.highlight(str, Prism.languages[lang], lang); return Prism.highlight(code, Prism.languages[lang], lang);
} }
} }
return str; return null;
}, },
}); });
md.use(markdownItTaskCheckbox); md.use(markdownItTaskCheckbox);
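Review bot: The `html: true` option kept in the `markdownIt({...})` call means raw HTML written in the Markdown source is still emitted unescaped, so the change to `highlight` closes only the code-block path. If this script can ever be run on Markdown that is not fully trusted (not visible from this hunk), consider `html: false` or sanitizing the rendered output before it is written. The new `return null;` also deserves a comment, because it is safe only through markdown-it's behaviour of escaping the code itself when the callback returns a falsy value: `// falsy result => markdown-it escapes the code; a returned string is inserted as raw HTML`.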