
fix: sanitize markdown preview on content change

NGPixel 5 years ago
parent
commit
05e8a71cef
3 changed files with 8 additions and 1 deletions
  1. 2 1
      client/components/editor/editor-markdown.vue
  2. 1 0
      package.json
  3. 5 0
      yarn.lock

+ 2 - 1
client/components/editor/editor-markdown.vue

@@ -184,6 +184,7 @@ import _ from 'lodash'
 import { get, sync } from 'vuex-pathify'
 import markdownHelp from './markdown/help.vue'
 import gql from 'graphql-tag'
+import DOMPurify from 'dompurify'
 
 /* global siteConfig, siteLangs */
 
@@ -395,7 +396,7 @@ export default {
     onCmInput: _.debounce(function (newContent) {
       linesMap = []
       this.$store.set('editor/content', newContent)
-      this.previewHTML = md.render(newContent)
+      this.previewHTML = DOMPurify.sanitize(md.render(newContent))
       this.$nextTick(() => {
         this.renderMermaidDiagrams()
         Prism.highlightAllUnder(this.$refs.editorPreview)
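Review bot: The `previewHTML` assignment sanitizes with DOMPurify's default configuration, which also strips attributes the markdown output may legitimately carry (for example `target` on links, which DOMPurify removes unless `ADD_ATTR: ['target']` is passed), so the preview can silently differ from what is shown on the published page. An explicit, named config makes the allow-list reviewable and reusable, e.g. `const sanitizeOpts = { USE_PROFILES: { html: true, svg: true, mathMl: true }, ADD_ATTR: ['target'] }` and `this.previewHTML = DOMPurify.sanitize(md.render(newContent), sanitizeOpts)`. If the saved page content is rendered through a separate path that this commit does not touch (server-side or on page view), this change only hardens the editor preview and the same sanitization step is presumably needed there too; worth confirming. `onCmInput` continues past the end of this hunk.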

+ 1 - 0
package.json

@@ -65,6 +65,7 @@
     "dependency-graph": "0.9.0",
     "diff": "4.0.2",
     "diff2html": "3.1.6",
+    "dompurify": "2.0.10",
     "dotize": "0.3.0",
     "elasticsearch6": "npm:@elastic/elasticsearch@6",
     "elasticsearch7": "npm:@elastic/elasticsearch@7",

+ 5 - 0
yarn.lock

@@ -6261,6 +6261,11 @@ domhandler@^2.3.0:
   dependencies:
     domelementtype "1"
 
+dompurify@2.0.10:
+  version "2.0.10"
+  resolved "https://registry.yarnpkg.com/dompurify/-/dompurify-2.0.10.tgz#d193f36d8148b4297a3a420b992d20eeff47a4d3"
+  integrity sha512-ok1dcSztsIuVxWG6Cx0ujyDIzNclz9W9OIU0cOb0IT+VAtSLrOelZF4miUvSm1U4PoCw8D7sIOLCnCQOaVpr3w==
+
 domutils@1.5.1:
   version "1.5.1"
   resolved "https://registry.yarnpkg.com/domutils/-/domutils-1.5.1.tgz#dcd8488a26f563d61079e48c9f7b7e32373682cf"