Commit d4abb965 authored by Sandro Lutz's avatar Sandro Lutz

Add html-escape before markdown parsing

parent f9b164a8
import m from 'mithril';
import marked from 'marked';
import escape from 'html-escape';
import { data, image as boardImage } from './data/board';
import { i18n, currentLanguage } from '../../models/language';
import { TranslationUnavailable } from '../errors';
......@@ -7,7 +8,7 @@ import { TranslationUnavailable } from '../errors';
class ImageGroup {
static _parseMarkdownText(text) {
// replace leading spaces when using multi-line strings
return marked(text.trim().replace(/\n[^\S\n]+/g, '\n'));
return marked(escape(text.trim().replace(/\n[^\S\n]+/g, '\n')));
}
static view(vnode) {
......
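Review bot: Escaping the whole string before `marked` parses it changes the markdown as well as the HTML in the new `return marked(escape(...))` line. Assuming html-escape encodes `&`, `<`, `>` and quotes, a leading `>` no longer starts a blockquote, `<https://…>` autolinks stop working, and text inside code spans is encoded twice because marked escapes code content itself. The same expression is added to `Commission._parseMarkdownText` and `CompanyItem._parseMarkdownText` and inline in EventDetails and JobOfferDetails, so one shared helper would keep the five call sites in step. That helper should carry a comment such as `// raw HTML in the input is escaped before parsing; markdown-generated links are not filtered here`. The class body continues outside the hunk.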
import m from 'mithril';
import marked from 'marked';
import escape from 'html-escape';
import { data } from './data/commissions';
import { i18n, currentLanguage } from '../../models/language';
import { TranslationUnavailable } from '../errors';
......@@ -7,7 +8,7 @@ import { TranslationUnavailable } from '../errors';
class Commission {
static _parseMarkdownText(text) {
// replace leading spaces when using multi-line strings
return marked(text.trim().replace(/\n[^\S\n]+/g, '\n'));
return marked(escape(text.trim().replace(/\n[^\S\n]+/g, '\n')));
}
static view(vnode) {
......
import m from 'mithril';
import marked from 'marked';
import escape from 'html-escape';
import { data } from './data/companies';
import { i18n, currentLanguage } from '../../models/language';
class CompanyItem {
static _parseMarkdownText(text) {
// replace leading spaces when using multi-line strings
return marked(text.trim().replace(/\n[^\S\n]+/g, '\n'));
return marked(escape(text.trim().replace(/\n[^\S\n]+/g, '\n')));
}
static view(vnode) {
......
import m from 'mithril';
import marked from 'marked';
import escape from 'html-escape';
import * as EmailValidator from 'email-validator';
import { log } from '../../models/log';
import { isLoggedIn, login } from '../../models/auth';
......@@ -175,7 +176,7 @@ export default class EventDetails {
? i18n('events.no_registration')
: i18n('events.%n_spots_available', event.spots - event.signup_count)
),
m('p', m.trust(marked(event.getDescription()))),
m('p', m.trust(marked(escape(event.getDescription())))),
eventSignupForm,
]);
}
......
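Review bot: The string handed to `m.trust` in `m('p', m.trust(marked(escape(event.getDescription()))))` is still not sanitised HTML. Escaping the input removes raw tags, but the links and images that marked builds from markdown syntax keep whatever URL scheme the author wrote, unless marked is configured to filter them. Sanitising the output of marked rather than its input closes that gap and leaves markdown syntax intact, e.g. `m.trust(DOMPurify.sanitize(marked(event.getDescription())))`, with DOMPurify or a comparable HTML sanitiser added as a dependency. The same applies to the `jobOffer.description` line in JobOfferDetails and, if their results also reach `m.trust`, to the three `_parseMarkdownText` helpers. The surrounding view function starts outside the hunk.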
import m from 'mithril';
import marked from 'marked';
import escape from 'html-escape';
import { apiUrl } from 'config';
import * as jobs from '../../models/joboffers';
import { log } from '../../models/log';
......@@ -20,7 +21,7 @@ export default class JobOfferDetails {
return m('div', [
m('h1', jobOffer.title),
m('img', { src: `${apiUrl}${jobOffer.logo.file}`, alt: jobOffer.company }),
m('p', m.trust(marked(jobOffer.description))),
m('p', m.trust(marked(escape(jobOffer.description)))),
m('a', { href: `${apiUrl}${jobOffer.pdf.file}`, target: '_blank' }, 'Download as PDF'),
]);
}
......