6aef218 Restrict DOM sanitization to limited whitelist — radicle-desktop

Radicle desktop app

Restrict DOM sanitization to limited whitelist

Sebastian Martinez committed 1 year ago

commit 6aef21825482ae689a2bce011b00c5dfaedabc47
parent bec0404b17682496072a83b24f0e889169f48a13

1 file changed +46 -4

modified src/lib/markdown.ts

@@ -10,10 +10,52 @@ import { markedEmoji } from "marked-emoji";

 import emojis from "@app/lib/emojis";
 dompurify.setConfig({
   // eslint-disable-next-line @typescript-eslint/naming-convention
   SANITIZE_DOM: false,
   // eslint-disable-next-line @typescript-eslint/naming-convention
   FORBID_TAGS: ["textarea", "style"],
   /* eslint-disable @typescript-eslint/naming-convention */
   ALLOWED_ATTR: [
     "align",
     "checked",
     "class",
     "href",
     "id",
     "name",
     "target",
     "text",
     "title",
     "src",
     "type",
   ],
   ALLOWED_TAGS: [
     "a",
     "blockquote",
     "br",
     "code",
     "dd",
     "div",
     "dl",
     "dt",
     "em",
     "h1",
     "h2",
     "h3",
     "h4",
     "h5",
     "h6",
     "hr",
     "img",
     "input",
     "li",
     "ol",
     "p",
     "pre",
     "table",
     "tbody",
     "td",
     "th",
     "thead",
     "tr",
     "ul",
   ],
   /* eslint-enable @typescript-eslint/naming-convention */
 });
 // Converts self closing anchor tags into empty anchor tags, to avoid erratic wrapping behaviour