client/markdown: use DOMPurify over marked.js sanitizer

See markedjs/marked#1232
Shyam Sunder
2020-06-23 13:24:59 -04:00
parent 342ca9ccba
commit 0137cf383a
4 changed files with 10 additions and 4 deletions


@ -1,6 +1,7 @@
"use strict";
const marked = require("marked");
const DOMPurify = require("dompurify");
class BaseMarkdownWrapper {
preprocess(text) {
@ -158,7 +159,6 @@ function formatMarkdown(text) {
const options = {
renderer: renderer,
breaks: true,
sanitize: true,
smartypants: true,
};
let wrappers = [
@ -179,7 +179,7 @@ function formatMarkdown(text) {
for (let wrapper of wrappers) {
text = wrapper.postprocess(text);
}
return text;
return DOMPurify.sanitize(text);
}
function formatInlineMarkdown(text) {
@ -187,7 +187,6 @@ function formatInlineMarkdown(text) {
const options = {
renderer: renderer,
breaks: true,
sanitize: true,
smartypants: true,
};
let wrappers = [
@ -206,7 +205,7 @@ function formatInlineMarkdown(text) {
for (let wrapper of wrappers) {
text = wrapper.postprocess(text);
}
return text;
return DOMPurify.sanitize(text);
}
module.exports = {
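Review bot: The two new `return DOMPurify.sanitize(text);` calls in formatMarkdown and formatInlineMarkdown run with DOMPurify's default allow-list, which is a looser policy than the removed `sanitize: true`: raw HTML in the (presumably user-supplied) markdown is no longer escaped but rendered whenever DOMPurify considers it script-free, so elements such as `<form>`, `<input>`, `<style>` and inline `style` attributes can now reach the page. Consider pinning the policy explicitly, for example `return DOMPurify.sanitize(text, { USE_PROFILES: { html: true }, FORBID_TAGS: ["style", "form", "input"], FORBID_ATTR: ["style"] });`, with the lists adjusted to what the custom renderer and the wrappers actually emit. A one-line comment at each call, such as `// sanitize last: nothing may be appended to the HTML after this point`, would record why the call sits after `wrapper.postprocess`. Both function bodies start outside the visible hunks, so the marked call and the wrappers themselves are not covered by this note.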