Skip to content

Commit 59c3452

Browse files
authored
fix(security): potential JSONP callback overwritten (#1253)
fix(security): potential JSONP callback overwritten
2 parents 3038f5c + 79e6d3d commit 59c3452

File tree

1 file changed

+3
-3
lines changed

1 file changed

+3
-3
lines changed

public/js/extra.js

Lines changed: 3 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -1111,7 +1111,7 @@ const vimeoPlugin = new Plugin(
11111111
/{%vimeo\s*([\d\D]*?)\s*%}/,
11121112

11131113
(match, utils) => {
1114-
const videoid = match[1]
1114+
const videoid = match[1].split(/[?&=]+/)[0]
11151115
if (!videoid) return
11161116
const div = $('<div class="vimeo raw"></div>')
11171117
div.attr('data-videoid', videoid)
@@ -1126,7 +1126,7 @@ const gistPlugin = new Plugin(
11261126
/{%gist\s*([\d\D]*?)\s*%}/,
11271127

11281128
(match, utils) => {
1129-
const gistid = match[1]
1129+
const gistid = match[1].split(/[?&=]+/)[0]
11301130
const code = `<code data-gist-id="${gistid}"></code>`
11311131
return code
11321132
}
@@ -1144,7 +1144,7 @@ const slidesharePlugin = new Plugin(
11441144
/{%slideshare\s*([\d\D]*?)\s*%}/,
11451145

11461146
(match, utils) => {
1147-
const slideshareid = match[1]
1147+
const slideshareid = match[1].split(/[?&=]+/)[0]
11481148
const div = $('<div class="slideshare raw"></div>')
11491149
div.attr('data-slideshareid', slideshareid)
11501150
return div[0].outerHTML

0 commit comments

Comments
 (0)