Add DOMPurify to sanitize markdown

Closes #546

Signed-off-by: Thomas Citharel <tcit@tcit.fr>
Thomas Citharel 2021-03-22 15:56:09 +01:00
parent 76f936b0cf
commit c266373344
No known key found for this signature in database
GPG Key ID: A061B9DDE0CA0773
4 changed files with 6 additions and 1 deletions

js/dompurify.js Normal file

File diff suppressed because one or more lines are too long


@ -3,7 +3,7 @@ function myPreviewRender (text) {
return '&#'+i.charCodeAt(0)+';';
});
text = SimpleMDE.prototype.markdown(text);
text = text.replace(/ /g, '&nbsp;');
text = DOMPurify.sanitize(text);
return text;
};
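Review bot: `DOMPurify.sanitize` is the last transformation before `return text`, and that ordering deserves a comment, because any later edit that inserts another string rewrite after the sanitize call would hand the preview HTML the sanitizer never saw; suggested comment above the call: `// Sanitize last: nothing may alter the HTML between this call and the preview's innerHTML sink.` The space-to-`&nbsp;` replacement on the preceding line rewrites every space in the rendered HTML, including the one inside tags such as `<a href=...>`, so the sanitizer then appears to receive a malformed tag name and would drop the element; if that line is pre-existing this is not a regression, but it is worth confirming that links and images still survive in the preview. A note of the vendored DOMPurify version next to the call (or at the top of `js/dompurify.js`, whose contents are suppressed on this page) would make it easier to track upstream fixes to the sanitizer. myPreviewRender starts before the hunk.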


@ -2,6 +2,7 @@
{block name="header"}
<script src="{"js/simplemde.min.js"|resource}" type="text/javascript"></script>
<script src="{"js/dompurify.js"|resource}" type="text/javascript"></script>
<script src="{"js/mde-wrapper.js"|resource}" type="text/javascript"></script>
<script src="{"js/app/create_poll.js"|resource}" type="text/javascript"></script>
<link rel="stylesheet" href="{"css/app/create_poll.css"|resource}">


@ -8,6 +8,7 @@
{if $admin}
<script src="{"js/simplemde.min.js"|resource}" type="text/javascript"></script>
<script src="{"js/dompurify.js"|resource}" type="text/javascript"></script>
<script src="{"js/mde-wrapper.js"|resource}" type="text/javascript"></script>
<script src="{"js/app/adminstuds.js"|resource}" type="text/javascript"></script>
<link rel="stylesheet" href="{'css/simplemde.min.css'|resource}">