Restrict DOM sanitization to limited whitelist
Sebastian Martinez committed 1 year ago
commit 4c31a8134daa456b84a7d55ea208c11028eee676
parent b77c086
1 file changed +46 -4
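--- a/src/lib/markdown.ts
+++ b/src/lib/markdown.ts
@@ -13,10 +13,52 @@ import { canonicalize, isUrl } from "@app/lib/utils";
 import { routeToPath } from "@app/lib/router";
 
 dompurify.setConfig({
-  // eslint-disable-next-line @typescript-eslint/naming-convention
-  SANITIZE_DOM: false,
-  // eslint-disable-next-line @typescript-eslint/naming-convention
-  FORBID_TAGS: ["textarea", "style"],
+  /* eslint-disable @typescript-eslint/naming-convention */
+  ALLOWED_ATTR: [
+    "align",
+    "checked",
+    "class",
+    "href",
+    "id",
+    "name",
+    "target",
+    "text",
+    "title",
+    "src",
+    "type",
+  ],
+  ALLOWED_TAGS: [
+    "a",
+    "blockquote",
+    "br",
+    "code",
+    "dd",
+    "div",
+    "dl",
+    "dt",
+    "em",
+    "h1",
+    "h2",
+    "h3",
+    "h4",
+    "h5",
+    "h6",
+    "hr",
+    "img",
+    "input",
+    "li",
+    "ol",
+    "p",
+    "pre",
+    "table",
+    "tbody",
+    "td",
+    "th",
+    "thead",
+    "tr",
+    "ul",
+  ],
+  /* eslint-enable @typescript-eslint/naming-convention */
 });
 
 export class Renderer extends BaseRenderer {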
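Review bot: ALLOWED_TAGS whitelists `em` but not `strong` (nor `del`, `sup`, `sub`, `span` or `details`/`summary`), so with DOMPurify's default KEEP_CONTENT the element the markdown renderer emits for `**bold**` is dropped and only its text survives — assuming the Renderer below produces the usual GFM elements, which is worth confirming before merging; adding `"strong",` next to `"em",` is the minimal fix. On the attribute side `target` is allowed while `rel` is not, and because a custom ALLOWED_ATTR replaces DOMPurify's default list, any `rel="noopener noreferrer"` set on `target="_blank"` links elsewhere is stripped by the sanitizer; add `"rel",` beside `"target",` or drop `"target"` if such links are not produced. Removing `SANITIZE_DOM: false` restores DOMPurify's default DOM-clobbering protection, which now matters because `id` and `name` are whitelisted; a comment above ALLOWED_ATTR such as `// "id"/"name" rely on SANITIZE_DOM (default true) for clobbering protection; "checked"/"type" are for task-list <input>s` would record that dependency for the next maintainer.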