Closed peremenov closed 6 years ago
This is related to the internal usage of cheerio to replace the pictures and the configuration I pass: https://github.com/axe312ger/metalsmith-adaptive-images/blob/master/src/index.js#L104-L106
I had to do this to get valid HTML back then in the project I developed this for.
If anybody has a replacement for cheerio which will NOT alter the html code besides the image replacement, I'd be super happy to merge this is. A simple regex is IMHO not reliable enough.
Can you maybe try to remove the xmlMode: true
and see if it is working properly for you? That might be a quick fix.
As described here non-safe solution could be like this:
file.contents = new Buffer($.html({ decodeEntities: false }));
It works fine for me.
Yeah we can't do that :/
var cheerio = require("cheerio")
const $ = cheerio.load('<div><script>alert('xss')</script></div>')
console.log($.html())
// "<div><script>alert('xss')</script></div>"
console.log($.html({decodeEntities: false}))
// "<div><script>alert('xss')</script></div>"
Thank you anyways
I'm using configuration like this:
Charset of the source files utf-8. As result instead of
Зоркий
I've gotЗоркий