github/hexo-theme-next
1
0
Fork 0
mirror of https://github.com/next-theme/hexo-theme-next.git synced 2026-01-17 18:22:33 +00:00
Code Issues Packages Projects Releases Wiki Activity

Escape only < in front-end json (#294)

Browse Source
This commit is contained in:
2021-06-18 13:29:08 +08:00 committed by GitHub
parent 81f716d289
commit 566238d06f
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 2 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
scripts/helpers/engine.js
View File

@ -41,10 +41,9 @@ hexo.extend.helper.register('next_vendors', function(name) {
});
hexo.extend.helper.register('next_data', function(name, ...data) {
const { escape_html } = this;
const json = data.length === 1 ? data[0] : Object.assign({}, ...data);
return `<script class="next-config" data-name="${name}" type="application/json">${
escape_html(JSON.stringify(json))
JSON.stringify(json).replace(/</g, '\\u003c')
}</script>`;
});

7
source/js/config.js
View File

@ -6,12 +6,7 @@ if (!window.NexT) window.NexT = {};
const staticConfig = {};
let variableConfig = {};
const parse = text => {
const jsonString = new DOMParser()
.parseFromString(text, 'text/html').documentElement
.textContent;
return JSON.parse(jsonString || '{}');
};
const parse = text => JSON.parse(text || '{}');
const update = name => {
const targetEle = document.querySelector(`.${className}[data-name="${name}"]`);