From b79618c94a8be478fcffba79d7576bf77cae34f3 Mon Sep 17 00:00:00 2001
From: ansuz <ansuz@transitiontech.ca>
Date: Tue, 6 Dec 2016 16:00:38 +0100
Subject: [PATCH] don't allow listeners in /slide/

---
 www/slide/slide.js | 18 +++++++++++++++++-
 1 file changed, 17 insertions(+), 1 deletion(-)

diff --git a/www/slide/slide.js b/www/slide/slide.js
index b07c1b63d..cae81204f 100644
--- a/www/slide/slide.js
+++ b/www/slide/slide.js
@@ -45,7 +45,7 @@ define([
     var unsafeTag = function (info) {
         if (['addAttribute', 'modifyAttribute'].indexOf(info.diff.action) !== -1) {
             if (/^on/.test(info.diff.name)) {
-                console.log("Rejecting forbidden element attribute with name", info.diff.element.nodeName);
+                console.log("Rejecting forbidden element attribute with name", info.diff.name);
                 return true;
             }
         }
@@ -91,12 +91,28 @@ define([
         return patch;
     };
 
+    var slice = function (coll) {
+        return Array.prototype.slice.call(coll);
+    };
+
+    /*  remove listeners from the DOM */
+    var removeListeners = function (root) {
+        slice(root.attributes).map(function (attr) {
+            if (/^on/.test(attr.name)) {
+                root.attributes.removeNamedItem(attr.name);
+            }
+        });
+        // all the way down
+        slice(root.children).forEach(removeListeners);
+    };
+
     var draw = Slide.draw =  function (i) {
         console.log("Trying to draw slide #%s", i);
         if (typeof(Slide.content[i]) !== 'string') { return; }
 
         var c = Slide.content[i];
         var Dom = domFromHTML('<div id="content">' + Marked(c) + '</div>');
+        removeListeners(Dom.body);
         var patch = makeDiff(domFromHTML($content[0].outerHTML), Dom);
 
         if (typeof(patch) === 'string') {