Added in a function to sanatize script tags specifically

naturalcrit · Dec 3, 2018 · 20b719d · 20b719d
1 parent 8b04cc9
commit 20b719d
Show file tree

Hide file tree

Showing 2 changed files with 10 additions and 2 deletions.
diff --git a/package.json b/package.json
@@ -1,7 +1,7 @@
 {
   "name": "homebrewery",
   "description": "Create authentic looking D&D homebrews using only markdown",
-  "version": "2.8.0",
+  "version": "2.8.1",
   "repository": {
     "type": "git",
     "url": "git://github.com/stolksdorf/homebrewery.git"

diff --git a/shared/naturalcrit/markdown.js b/shared/naturalcrit/markdown.js
@@ -13,6 +13,11 @@ renderer.html = function (html) {
 	return html;
 };
 
+const sanatizeScriptTags = (content)=>{
+	return content
+		.replace(/<script/g, '&lt;script')
+		.replace(/<\/script>/g, '&lt;/script&gt;');
+};
 
 const tagTypes = ['div', 'span', 'a'];
 const tagRegex = new RegExp(`(${
@@ -24,7 +29,10 @@ const tagRegex = new RegExp(`(${
 module.exports = {
 	marked : Markdown,
 	render : (rawBrewText)=>{
-		return Markdown(rawBrewText, { renderer: renderer });
+		return Markdown(
+			sanatizeScriptTags(rawBrewText),
+			{ renderer: renderer }
+		);
 	},
 
 	validate : (rawBrewText)=>{