diff --git a/www/md/main.js b/www/md/main.js
index 635429bcf..9b354ea0d 100644
--- a/www/md/main.js
+++ b/www/md/main.js
@@ -22,6 +22,10 @@ define([
 var $textarea = $('textarea'),
 $target = $('#target');
+ Marked.setOptions({
+ sanitize: true
+ });
+
 var draw = function (content) {
 // draw stuff
 $target.html(Marked(content));
diff --git a/www/vmd/main.js b/www/vmd/main.js
index 948ebd67b..9e42eef28 100644
--- a/www/vmd/main.js
+++ b/www/vmd/main.js
@@ -13,6 +13,10 @@ define([
 var Vdom = Convert.core.vdom,
 Hyperjson = Convert.core.hyperjson,
 Hyperscript = Convert.core.hyperscript;
+
+ window.Vdom = Vdom;
+ window.Hyperjson = Hyperjson;
+ window.Hyperscript = Hyperscript;
 $(window).on('hashchange', function() {
 window.location.reload();
@@ -27,11 +31,16 @@ define([
 var $textarea = $('textarea'),
 $target = $('#target');
-/*
- var draw = function (content) {
- // draw stuff
- $target.html(Marked(content));
- }; */
+ var stripScripts = function (md) {
+ return md.replace(/<[\s\S]*?script[\s\S]*?>[\s\S]*?<\/script[\s\S]*?>/ig, "");
+ };
+
+ window.$textarea = $textarea;
+
+ // set markdwon rendering options
+ Marked.setOptions({
+ sanitize: true
+ });
 window.draw = (function () {
 var target = $target[0],
@@ -41,23 +50,69 @@ define([
 var Previous = Convert.dom.to.vdom(inner);
 return function (md) {
- var rendered = Marked(md);
-
+ // strip scripts or people get xss
+ var rendered = stripScripts(Marked(md||""));
 // make a dom
 var R = $('
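Review bot: `sanitize: true` makes marked escape raw HTML found in the markdown input, but it is marked's own built-in switch rather than a sanitizer of the rendered output, and whether the bundled marked version also filters `javascript:`-style link and image targets is not visible from this hunk. The string still reaches `$target.html(Marked(content))` in `draw`, so the rendered HTML is the trust boundary; running a DOM-based sanitizer on that string before it is inserted would not depend on marked internals. If the option is kept as the only layer, pin the expectation next to it: `// sanitize: escapes raw HTML in the markdown; confirm the bundled marked version also filters link/image URL schemes`. The third hunk of www/vmd/main.js sets the same option and the same remark applies there; `draw`'s body continues past the end of this hunk.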
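Review bot: Assigning `Vdom`, `Hyperjson` and `Hyperscript` onto `window` promotes module-scoped objects to page-global scope with nothing in the hunk saying why; it reads like a console-debugging aid that should either be dropped before merge or be marked as intentional, e.g. `// exposed on window for console debugging only; not part of the page API`. The same applies to `window.$textarea = $textarea;` in the next hunk of this file. Presumably a script already running in the page could reach these through the module loader anyway, so this is a maintainability point rather than a new exposure, but unexplained globals tend to outlive the debugging session that created them.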
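Review bot: The `stripScripts` regex anchors on any `<`, not on a `<script` tag: `<[\s\S]*?script[\s\S]*?>` can start at a legitimate `<p>`, match `script` inside ordinary text such as the word "description", and then delete everything up to the next `</script…>`, so wherever a closing tag survives it removes legitimate rendered content, and the three nested lazy `[\s\S]*?` groups can backtrack heavily on long input. Since `Marked.setOptions({ sanitize: true })` already escapes raw HTML before `stripScripts(Marked(md||""))` runs in the following hunk, this function is a second layer and should be tag-anchored and cheap, e.g. `return md.replace(/<script\b[^>]*>[\s\S]*?<\/script\s*>/ig, "");`, with its purpose stated above it: `// defence in depth: marked's sanitize option is the primary filter; this only drops a script element that somehow survives it`. Tag stripping does not cover event-handler attributes or URL schemes, so the sanitizer remains the control that matters. The comment `// set markdwon rendering options` has a typo (`markdown`).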