diff options
| author | Hakim El Hattab | 2013-10-24 08:59:52 -0400 |
|---|---|---|
| committer | Hakim El Hattab | 2013-10-24 08:59:52 -0400 |
| commit | f1f28f61e608b70f437860e82555e3e4a9abd4b9 (patch) | |
| tree | 21c9d5f3881abe31f354624a74a683086f2e20db /js/reveal.js | |
| parent | c7077cf798326d820a520f2692c5ae29e2f7b4dd (diff) | |
plug potential xss vector
Diffstat (limited to 'js/reveal.js')
| -rw-r--r-- | js/reveal.js | 8 |
1 files changed, 7 insertions, 1 deletions
diff --git a/js/reveal.js b/js/reveal.js index 3e9b160..a1ae5e4 100644 --- a/js/reveal.js +++ b/js/reveal.js @@ -191,9 +191,15 @@ var Reveal = (function(){ // Force a layout when the whole page, incl fonts, has loaded window.addEventListener( 'load', layout, false ); + var query = Reveal.getQueryHash(); + + // Do not accept new dependencies via query config to avoid + // the potential of malicious script injection + if( typeof query['dependencies'] !== 'undefined' ) delete query['dependencies']; + // Copy options over to our config object extend( config, options ); - extend( config, Reveal.getQueryHash() ); + extend( config, query ); // Hide the address bar in mobile browsers hideAddressBar(); |