fix: sanitize markdown preview on content change

This commit is contained in:
NGPixel 2020-05-01 00:55:31 -04:00
parent fd91565e61
commit 05e8a71cef
3 changed files with 8 additions and 1 deletions

View File

@ -184,6 +184,7 @@ import _ from 'lodash'
import { get, sync } from 'vuex-pathify'
import markdownHelp from './markdown/help.vue'
import gql from 'graphql-tag'
import DOMPurify from 'dompurify'
/* global siteConfig, siteLangs */
@ -395,7 +396,7 @@ export default {
onCmInput: _.debounce(function (newContent) {
linesMap = []
this.$store.set('editor/content', newContent)
this.previewHTML = md.render(newContent)
this.previewHTML = DOMPurify.sanitize(md.render(newContent))
this.$nextTick(() => {
this.renderMermaidDiagrams()
Prism.highlightAllUnder(this.$refs.editorPreview)

View File

@ -65,6 +65,7 @@
"dependency-graph": "0.9.0",
"diff": "4.0.2",
"diff2html": "3.1.6",
"dompurify": "2.0.10",
"dotize": "0.3.0",
"elasticsearch6": "npm:@elastic/elasticsearch@6",
"elasticsearch7": "npm:@elastic/elasticsearch@7",

View File

@ -6261,6 +6261,11 @@ domhandler@^2.3.0:
dependencies:
domelementtype "1"
dompurify@2.0.10:
version "2.0.10"
resolved "https://registry.yarnpkg.com/dompurify/-/dompurify-2.0.10.tgz#d193f36d8148b4297a3a420b992d20eeff47a4d3"
integrity sha512-ok1dcSztsIuVxWG6Cx0ujyDIzNclz9W9OIU0cOb0IT+VAtSLrOelZF4miUvSm1U4PoCw8D7sIOLCnCQOaVpr3w==
domutils@1.5.1:
version "1.5.1"
resolved "https://registry.yarnpkg.com/domutils/-/domutils-1.5.1.tgz#dcd8488a26f563d61079e48c9f7b7e32373682cf"