plug potential xss vector
This commit is contained in:
parent
c7077cf798
commit
f1f28f61e6
2 changed files with 9 additions and 3 deletions
|
@ -191,9 +191,15 @@ var Reveal = (function(){
|
|||
// Force a layout when the whole page, incl fonts, has loaded
|
||||
window.addEventListener( 'load', layout, false );
|
||||
|
||||
var query = Reveal.getQueryHash();
|
||||
|
||||
// Do not accept new dependencies via query config to avoid
|
||||
// the potential of malicious script injection
|
||||
if( typeof query['dependencies'] !== 'undefined' ) delete query['dependencies'];
|
||||
|
||||
// Copy options over to our config object
|
||||
extend( config, options );
|
||||
extend( config, Reveal.getQueryHash() );
|
||||
extend( config, query );
|
||||
|
||||
// Hide the address bar in mobile browsers
|
||||
hideAddressBar();
|
||||
|
|
4
js/reveal.min.js
vendored
4
js/reveal.min.js
vendored
File diff suppressed because one or more lines are too long
Loading…
Reference in a new issue