plug potential xss vector

Hakim El Hattab 2013-10-24 08:59:52 -04:00
parent c7077cf798
commit f1f28f61e6
2 changed files with 9 additions and 3 deletions


@ -191,9 +191,15 @@ var Reveal = (function(){
// Force a layout when the whole page, incl fonts, has loaded // Force a layout when the whole page, incl fonts, has loaded
window.addEventListener( 'load', layout, false ); window.addEventListener( 'load', layout, false );
var query = Reveal.getQueryHash();
// Do not accept new dependencies via query config to avoid
// the potential of malicious script injection
if( typeof query['dependencies'] !== 'undefined' ) delete query['dependencies'];
// Copy options over to our config object // Copy options over to our config object
extend( config, options ); extend( config, options );
extend( config, Reveal.getQueryHash() ); extend( config, query );
// Hide the address bar in mobile browsers // Hide the address bar in mobile browsers
hideAddressBar(); hideAddressBar();
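Review bot: The new filter is a one-key denylist: `delete query['dependencies']` strips a single option, and `extend( config, query )` still copies every other URL-supplied key into `config`. If any other option can reach a script or stylesheet URL, or markup (not visible in this hunk), it stays settable from a crafted link. An allowlist of query-overridable keys would close that class, e.g. `for( var k in query ) if( QUERY_SAFE_KEYS.indexOf( k ) === -1 ) delete query[k];`, where `QUERY_SAFE_KEYS` is a name made up here for a list the project would define. The `typeof` guard before `delete` is also unnecessary, since deleting an absent key is a no-op. The enclosing function begins and ends outside the hunk, so how `extend` treats keys such as `__proto__` cannot be checked from here.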

4
js/reveal.min.js vendored

File diff suppressed because one or more lines are too long