liz/wikijs-fork
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

fix: sanitize markdown preview on content change

Browse Source
This commit is contained in:
NGPixel
2020-05-01 00:55:31 -04:00
parent fd91565e61
commit 05e8a71cef
3 changed files with 3 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
client/components/editor/editor-markdown.vue
View File

@@ -184,6 +184,7 @@ import _ from 'lodash'
import { get, sync } from 'vuex-pathify' import { get, sync } from 'vuex-pathify'
import markdownHelp from './markdown/help.vue' import markdownHelp from './markdown/help.vue'
import gql from 'graphql-tag' import gql from 'graphql-tag'
import DOMPurify from 'dompurify'
/* global siteConfig, siteLangs */ /* global siteConfig, siteLangs */
@@ -395,7 +396,7 @@ export default {
onCmInput: _.debounce(function (newContent) { onCmInput: _.debounce(function (newContent) {
linesMap = [] linesMap = []
this.$store.set('editor/content', newContent) this.$store.set('editor/content', newContent)
this.previewHTML = md.render(newContent) this.previewHTML = DOMPurify.sanitize(md.render(newContent))
this.$nextTick(() => { this.$nextTick(() => {
this.renderMermaidDiagrams() this.renderMermaidDiagrams()
Prism.highlightAllUnder(this.$refs.editorPreview) Prism.highlightAllUnder(this.$refs.editorPreview)

1
package.json
View File

@@ -65,6 +65,7 @@
"dependency-graph": "0.9.0", "dependency-graph": "0.9.0",
"diff": "4.0.2", "diff": "4.0.2",
"diff2html": "3.1.6", "diff2html": "3.1.6",
"dompurify": "2.0.10",
"dotize": "0.3.0", "dotize": "0.3.0",
"elasticsearch6": "npm:@elastic/elasticsearch@6", "elasticsearch6": "npm:@elastic/elasticsearch@6",
"elasticsearch7": "npm:@elastic/elasticsearch@7", "elasticsearch7": "npm:@elastic/elasticsearch@7",

BIN
yarn.lock
View File

Binary file not shown.