fix: sanitize markdown preview on content change
This commit is contained in:
parent
fd91565e61
commit
05e8a71cef
@ -184,6 +184,7 @@ import _ from 'lodash'
|
||||
import { get, sync } from 'vuex-pathify'
|
||||
import markdownHelp from './markdown/help.vue'
|
||||
import gql from 'graphql-tag'
|
||||
import DOMPurify from 'dompurify'
|
||||
|
||||
/* global siteConfig, siteLangs */
|
||||
|
||||
@ -395,7 +396,7 @@ export default {
|
||||
onCmInput: _.debounce(function (newContent) {
|
||||
linesMap = []
|
||||
this.$store.set('editor/content', newContent)
|
||||
this.previewHTML = md.render(newContent)
|
||||
this.previewHTML = DOMPurify.sanitize(md.render(newContent))
|
||||
this.$nextTick(() => {
|
||||
this.renderMermaidDiagrams()
|
||||
Prism.highlightAllUnder(this.$refs.editorPreview)
|
||||
|
@ -65,6 +65,7 @@
|
||||
"dependency-graph": "0.9.0",
|
||||
"diff": "4.0.2",
|
||||
"diff2html": "3.1.6",
|
||||
"dompurify": "2.0.10",
|
||||
"dotize": "0.3.0",
|
||||
"elasticsearch6": "npm:@elastic/elasticsearch@6",
|
||||
"elasticsearch7": "npm:@elastic/elasticsearch@7",
|
||||
|
@ -6261,6 +6261,11 @@ domhandler@^2.3.0:
|
||||
dependencies:
|
||||
domelementtype "1"
|
||||
|
||||
dompurify@2.0.10:
|
||||
version "2.0.10"
|
||||
resolved "https://registry.yarnpkg.com/dompurify/-/dompurify-2.0.10.tgz#d193f36d8148b4297a3a420b992d20eeff47a4d3"
|
||||
integrity sha512-ok1dcSztsIuVxWG6Cx0ujyDIzNclz9W9OIU0cOb0IT+VAtSLrOelZF4miUvSm1U4PoCw8D7sIOLCnCQOaVpr3w==
|
||||
|
||||
domutils@1.5.1:
|
||||
version "1.5.1"
|
||||
resolved "https://registry.yarnpkg.com/domutils/-/domutils-1.5.1.tgz#dcd8488a26f563d61079e48c9f7b7e32373682cf"
|
||||
|
Loading…
Reference in New Issue
Block a user