Tips for keeping Showdown from stripping script tags?

While experimenting with something, I attempted to insert the following code into Showdown:

<script>alert("hacked!");</script>

Naturally, no alert appeared (as Showdown is designed to prevent such actions), but the <script> tag was completely removed. Since this is for a user description, I need the script tag and its contents to be visible but not executed.

I contemplated modifying some of Showdown's built-in code to achieve this, but couldn't pinpoint where in the source code I should make changes to only display the script tags without executing them.

If anyone has any suggestions or knows of existing options for accomplishing this, please let me know!

javascriptshowdown

Answer №1

I stumbled upon this section of the code that handles hashing HTML tags such as: <script> or </script>.

Check it out here

My suggestion is to remove line 329 from the file.

Refer to this link for more context

If you do that, everything should function correctly.

Answer №2

After some trial and error, I finally discovered the solution to my problem: all I had to do was replace the opening and closing <script> tags with visible alternatives like &lt;script and &lt;/script&gt;

Here is the customized code snippet that worked for me:

myHTML.replace("<script", "&lt;script").replace("</script>", "&lt;/script&gt;");

Similar questions

If you have not found the answer to your question or you are interested in this topic, then look at other similar questions below or use the search

Utilize Python 3.7 to mark a checkbox on an HTML webpage

I am currently attempting to use Python 3.7 and Selenium to select a checkbox on an HTML page. My ultimate goal is to manipulate these checkboxes, but I am struggling to even select them correctly. The URL in question is: Prior to seeking assistance here, ...

javascriptpythonseleniumcheckbox

Top method for patiently awaiting the completion of the .forEach() function

There are times when I find myself waiting for a .forEach() method to complete, especially in functions involving loaders. My current approach involves using the following code: $q.when(array.forEach(function(item){ //perform iteration })).then(func ...

javascriptangularjs

Unable to submit /api/sentiment

I'm currently troubleshooting the /api/sentiment endpoint in postman and encountering a "cannot POST" error. I have confirmed that the routes are correct and the server is actively listening on port 8080. Interestingly, all other endpoints function wi ...

javascriptnode.jsexpress

The problem with legends in chart.js not displaying properly

I've been struggling to display the labels "2017" and "2018" as legends on the right side of the chart. I've tried numerous approaches but haven't found a solution yet. The purpose of showing these legends is to easily identify that each co ...

javascriptjquerychart.js

The division element shifts to the left upon invoking the slideUp() function

I am currently working on a page that contains a form with two different sections - one is visible and the other is hidden. When the user clicks a button in the first section, it slides up using slideUp() while the hidden section slides down using slideDow ...

javascripthtmljquerycss

Click handler fails to trigger on dynamically rendered elements through Ajax Callback, limited to Safari browser only

I'm facing an issue with getting a feature to work on Safari and iOS devices, even though it works perfectly on Firefox, Chrome, Edge, and IE. The problem arises with an input field on the page that sends user input to the server and updates the DOM ...

javascriptjqueryiosajaxsafari

Component not refreshing when state changes occur

I have a unique react application that resembles the one showcased in this codesandbox link https://codesandbox.io/s/eatery-v1691 By clicking on the Menu located at the bottom center of the page, it triggers the display of the MenuFilter component. The M ...

javascriptreactjs

How can you retrieve the keys of an object that conforms to an interface?

In the following demonstration, we have two objects - KEYS and KEYS2. When importing KEYS in index.ts, autocomplete suggestions are available for K1 and K2 because KEYS does not adhere to an interface. On the other hand, with KEYS2, autocomplete is not pr ...

javascriptangulartypescript

Issue: No default template engine specified and no file extension provided. (Using Express framework)

While I came across numerous questions with a similar title, they only provided me with partial help and did not completely resolve the error that plagued me. Just to provide some context, I had created a file named listing.js as a tool for running node c ...

javascriptnode.jsexpress

Transforming an array of objects into an object composed solely of values

I currently have an array of objects in the format { key1:value1, key2:value2 }, { key3:value3, key4:value4 }, etc. and I am looking to transform it into a new object with the structure { value1: value2, value3: value4 } ...

javascriptarraysobject

Error: Uncaught ReferenceError: d3 is undefined. The script is not properly referenced

Entering the world of web development, I usually find solutions on Stack Overflow. However, this time I'm facing a challenge. I am using Firefox 32 with Firebug as my debugger. The webpage I have locally runs with the following HTML Code <!DOCTYP ...

javascriptjquerytwitter-bootstrapd3.js

generate a cookie within a pop-up window

Can someone help me figure out why my Modal Window with a cookie to display only once isn't working? I followed this tutorial at . Here is the link to my website: Here is my code: <div class="modal fade" id="myModal" tabindex="-1" role="dialog" a ...

javascriptjquerycookiesjquery-cookie

Wordpress AJAX delivering empty response instead of intended string

I have tried everything, including adding die() at the end of my PHP function, but my ajax call is still returning zero. I went through other questions here but could not find a solution, so please review my code. This is the function I use to make an aja ...

javascriptphpjqueryajaxwordpress

Scrolling and hovering now triggers the fixed button to toggle class seamlessly

Currently, I am attempting to modify the class of a button on my website. The initial state of the button is wide, but as the user scrolls, it should shrink in size. When hovering over the shrunken button, it should expand back to its original width. Alt ...

javascripthtmljquerycssbutton

An issue has been encountered in the code during the installation of react.js

node:internal/modules/cjs/loader:1148 throw err; ^ Error: Module 'C:\Users\hp\AppData\Roaming\npm\node_modules\npm\bin\npm-cli.js' could not be found. at Module._resolveFilename (node:internal ...

javascriptreactjsnode.jsnpmnode-modules

What steps should be taken to prepare files (such as editing images) before they are uploaded to Google Drive using the `rpldy/drive-uploady` tool?

I have successfully implemented rpldy/drive-uploady to upload files to Google Drive. However, I would like to allow users to edit images before uploading them. How can I achieve this? Below is the code snippet: import DriveUploady from "drive-uploady ...

javascriptnode.jsreactjsnext.jsfile-upload

An elusive static image file goes unseen within the realm of node.js/express

I am encountering an issue with serving static files in Express on Node.js. When I request a .css file from the server, everything works fine. However, if I try to load an image such as a jpg or png, it just shows a blank white page without any error messa ...

javascriptnode.jsexpresscloud9-ide

Creating distinctive identifiers for individual function parameters in JavaScript using addEventListener

I am working on a for loop that dynamically generates elements within a div. Each element should trigger the same function, but with a unique ID. for(var i = 0; i < 10; i++) { var p = document.createElement("p"); var t = document. ...

javascriptdom-events

The AJAX post request is returning an undefined value

I'm working with JavaScript, AJAX, and Node.js but I'm having trouble receiving a value on the server side when making a POST request. Despite my efforts to test it out, the console keeps returning 'value undefined'. Here's a snip ...

javascriptnode.jsajax

Accessing elements within a gridview

My gridview is connected to an objectdatasource and contains a bound textbox for input in each row. Next to the textbox, there is a button that triggers a javascript popup for unit conversion. I am wondering: how can I specify to the unit converter (Ja ...

asp.netjavascriptgridview