xobs/fa20-bt
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

plug potential xss vector

Browse Source
This commit is contained in:
Hakim El Hattab
2013-10-24 08:59:52 -04:00
parent c7077cf798
commit f1f28f61e6
2 changed files with 9 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
js/reveal.js
View File

@@ -191,9 +191,15 @@ var Reveal = (function(){
// Force a layout when the whole page, incl fonts, has loaded // Force a layout when the whole page, incl fonts, has loaded
window.addEventListener( 'load', layout, false ); window.addEventListener( 'load', layout, false );
var query = Reveal.getQueryHash();
// Do not accept new dependencies via query config to avoid
// the potential of malicious script injection
if( typeof query['dependencies'] !== 'undefined' ) delete query['dependencies'];
// Copy options over to our config object // Copy options over to our config object
extend( config, options ); extend( config, options );
extend( config, Reveal.getQueryHash() ); extend( config, query );
// Hide the address bar in mobile browsers // Hide the address bar in mobile browsers
hideAddressBar(); hideAddressBar();

4
js/reveal.min.js vendored
View File

File diff suppressed because one or more lines are too long