diff --git a/views/about.html b/views/about.html
index 13b0787..d7773f3 100644
--- a/views/about.html
+++ b/views/about.html
@@ -9,11 +9,28 @@
 (function() {
 var raw = document.getElementById('about-raw-data');
 var el = document.getElementById('about-dynamic-content');
+ function escapeHtml(str) {
+ return str.replace(/&/g,'&').replace(//g,'>').replace(/"/g,'"').replace(/'/g,''');
+ }
 function render() {
 if (raw && el && typeof marked !== 'undefined') {
 var bytes = Uint8Array.from(atob(raw.textContent.trim()), function(c) { return c.charCodeAt(0); });
 var text = new TextDecoder('utf-8').decode(bytes);
- el.innerHTML = marked.parse(text, { gfm: true, breaks: true });
+ var renderer = new marked.Renderer();
+ renderer.code = function(code, lang) {
+ var escaped = escapeHtml(typeof code === 'object' ? (code.text || '') : code);
+ var langAttr = (typeof code === 'object' ? code.lang : lang) || '';
+ return '
' + escaped + '
';
+ };
+ renderer.codespan = function(code) {
+ var escaped = escapeHtml(typeof code === 'object' ? (code.text || '') : code);
+ return '' + escaped + '';
+ };
+ renderer.html = function(html) {
+ var content = typeof html === 'object' ? (html.text || '') : html;
+ return escapeHtml(content);
+ };
+ el.innerHTML = marked.parse(text, { gfm: true, breaks: true, renderer: renderer });
 }
 }
 if (typeof marked !== 'undefined') {
diff --git a/views/admin/about.html b/views/admin/about.html
index 8833ee2..3da778c 100644
--- a/views/admin/about.html
+++ b/views/admin/about.html
@@ -10,7 +10,8 @@
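Review bot: The string returned by `marked.parse` is still written to `el.innerHTML` without a sanitizer, and the three overrides (`code`, `codespan`, `html`) cover only code and raw-HTML tokens. Link and image tokens still go through marked's default renderers, and as far as I know current marked versions do not filter URL schemes or attributes themselves, so the decoded markdown can probably still yield active markup. I would pass the output through an allow-list HTML sanitizer before the assignment, for example `el.innerHTML = DOMPurify.sanitize(marked.parse(text, { gfm: true, breaks: true, renderer: renderer }));`, assuming DOMPurify can be loaded on these pages. The same applies to the identical hunks in views/rules.html and views/terms.html; the enclosing IIFE continues past the hunk.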
- + +
diff --git a/views/admin/rules.html b/views/admin/rules.html
index 3a2f80a..b8781fa 100644
--- a/views/admin/rules.html
+++ b/views/admin/rules.html
@@ -10,7 +10,8 @@
- + +
diff --git a/views/admin/terms.html b/views/admin/terms.html
index 5aebcfd..e57385f 100644
--- a/views/admin/terms.html
+++ b/views/admin/terms.html
@@ -10,7 +10,8 @@
- + +
diff --git a/views/rules.html b/views/rules.html
index 7ab10ab..44e01e8 100644
--- a/views/rules.html
+++ b/views/rules.html
@@ -9,11 +9,28 @@
 (function() {
 var raw = document.getElementById('rules-raw-data');
 var el = document.getElementById('rules-dynamic-content');
+ function escapeHtml(str) {
+ return str.replace(/&/g,'&').replace(//g,'>').replace(/"/g,'"').replace(/'/g,''');
+ }
 function render() {
 if (raw && el && typeof marked !== 'undefined') {
 var bytes = Uint8Array.from(atob(raw.textContent.trim()), function(c) { return c.charCodeAt(0); });
 var text = new TextDecoder('utf-8').decode(bytes);
- el.innerHTML = marked.parse(text, { gfm: true, breaks: true });
+ var renderer = new marked.Renderer();
+ renderer.code = function(code, lang) {
+ var escaped = escapeHtml(typeof code === 'object' ? (code.text || '') : code);
+ var langAttr = (typeof code === 'object' ? code.lang : lang) || '';
+ return '
' + escaped + '
';
+ };
+ renderer.codespan = function(code) {
+ var escaped = escapeHtml(typeof code === 'object' ? (code.text || '') : code);
+ return '' + escaped + '';
+ };
+ renderer.html = function(html) {
+ var content = typeof html === 'object' ? (html.text || '') : html;
+ return escapeHtml(content);
+ };
+ el.innerHTML = marked.parse(text, { gfm: true, breaks: true, renderer: renderer });
 }
 }
 if (typeof marked !== 'undefined') {
diff --git a/views/terms.html b/views/terms.html
index d6a6481..30f3df1 100644
--- a/views/terms.html
+++ b/views/terms.html
@@ -9,11 +9,28 @@
 (function() {
 var raw = document.getElementById('terms-raw-data');
 var el = document.getElementById('terms-dynamic-content');
+ function escapeHtml(str) {
+ return str.replace(/&/g,'&').replace(//g,'>').replace(/"/g,'"').replace(/'/g,''');
+ }
 function render() {
 if (raw && el && typeof marked !== 'undefined') {
 var bytes = Uint8Array.from(atob(raw.textContent.trim()), function(c) { return c.charCodeAt(0); });
 var text = new TextDecoder('utf-8').decode(bytes);
- el.innerHTML = marked.parse(text, { gfm: true, breaks: true });
+ var renderer = new marked.Renderer();
+ renderer.code = function(code, lang) {
+ var escaped = escapeHtml(typeof code === 'object' ? (code.text || '') : code);
+ var langAttr = (typeof code === 'object' ? code.lang : lang) || '';
+ return '
' + escaped + '
';
+ };
+ renderer.codespan = function(code) {
+ var escaped = escapeHtml(typeof code === 'object' ? (code.text || '') : code);
+ return '' + escaped + '';
+ };
+ renderer.html = function(html) {
+ var content = typeof html === 'object' ? (html.text || '') : html;
+ return escapeHtml(content);
+ };
+ el.innerHTML = marked.parse(text, { gfm: true, breaks: true, renderer: renderer });
 }
 }
 if (typeof marked !== 'undefined') {
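Review bot: This is the third verbatim copy of `escapeHtml` and the renderer overrides; views/about.html and views/rules.html carry the same added lines, differing only in the element ids. Any later correction to the escaping then has to be repeated in three inline scripts, and a missed copy leaves one page rendering differently from the others. I would move the helper and the renderer setup into one shared script that exposes a single function, for example `renderMarkdown(text)` (the name is only a suggestion), and call it from each view with a short comment such as `// escapes code, codespan and raw HTML tokens before innerHTML`. The enclosing IIFE continues past the hunk.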