|
|
@@ -230,8 +230,14 @@ module.exports = function(crowi, app) {
|
|
|
}
|
|
|
|
|
|
function addRenderVarsForPresentation(renderVars, page) {
|
|
|
-
|
|
|
- const preventXssRevision = page.revision.body.replace(/</g, '<').replace(/>/g, '>');
|
|
|
+ // const XssService = require('../service/xss');
|
|
|
+ // const preventXssRevision = new XssService();
|
|
|
+ // const hoge = preventXssRevision.process(page.revision.body);
|
|
|
+ // console.log(hoge);
|
|
|
+ // page.revision.body = hoge;
|
|
|
+
|
|
|
+ // sanitize revision.body
|
|
|
+ const preventXssRevision = crowi.xss.process(page.revision.body);
|
|
|
page.revision.body = preventXssRevision;
|
|
|
|
|
|
renderVars.page = page;
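Review bot: The five commented-out lines above the new call (the `require('../service/xss')` experiment with `hoge` and `console.log`) are leftover debugging and should be removed, leaving only the `crowi.xss.process(page.revision.body)` line. The removed line apparently escaped every `<` and `>`, whereas the presentation view now receives whatever markup `crowi.xss` is configured to let through. That configuration is not visible in this hunk, so confirm that it strips script elements, event-handler attributes and `javascript:` URLs, and cover this route with a test. The comment could record the dependency, e.g. `// sanitize revision.body with the shared XSS filter (crowi.xss) before it is handed to the presentation view`. `page.revision.body = preventXssRevision;` also overwrites the body on the caller's `page` object, which matters if that object is reused or saved later in the request; the body of addRenderVarsForPresentation continues outside the hunk.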
|