sanitize marked output with DOMPurify
jonschoning committed Sep 26, 2021
1 parent db00a13 commit 3ecb38b
Showing 9 changed files with 9,681 additions and 34 deletions.
9,679 changes: 9,669 additions & 10 deletions purs/package-lock.json

Large diffs are not rendered by default.

4 changes: 3 additions & 1 deletion purs/package.json
@@ -16,5 +16,7 @@
"spago": "^0.20.3",
"terser": "^5.7.2"
},
"dependencies": {}
"dependencies": {
"dompurify": "^2.3.3"
}
}
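--- a/purs/src/Globals.js
+++ b/purs/src/Globals.js
@@ -15,15 +15,6 @@ exports._closest = function(just, nothing, selector, el) {
 }
 }
 
-exports._innerHtml = function(el) {
-return el.innerHTML;
-}
-
-exports._setInnerHtml = function(content, el) {
-el.innerHTML = content;
-return el;
-}
-
 exports._createFormData = function(formElement) {
 return new FormData(formElement);
 }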
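--- a/purs/src/Globals.purs
+++ b/purs/src/Globals.purs
@@ -51,16 +51,6 @@ foreign import _mmoment8601 :: forall a. Fn4 (a -> Maybe a) (Maybe a) (String ->
 mmoment8601 :: String -> Maybe (Tuple String String)
 mmoment8601 s = runFn4 _mmoment8601 Just Nothing Tuple s
 
-foreign import _innerHtml :: EffectFn1 HTMLElement String
-
-innerHtml :: HTMLElement -> Effect String
-innerHtml n = runEffectFn1 _innerHtml n
-
-foreign import _setInnerHtml :: EffectFn2 String HTMLElement HTMLElement
-
-setInnerHtml :: String -> HTMLElement -> Effect HTMLElement
-setInnerHtml c n = runEffectFn2 _setInnerHtml c n
-
 foreign import _createFormData :: Fn1 HTMLFormElement FormData
 
 createFormData :: HTMLFormElement -> FormData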
3 changes: 2 additions & 1 deletion purs/src/Marked.js
@@ -1,4 +1,5 @@
var marked = require("marked");
var DOMPurify = require("dompurify");

marked.setOptions({
pedantic: false,
@@ -7,5 +8,5 @@ marked.setOptions({

exports.markedImpl = function(str) {
if (!str) return "";
return marked(str);
return DOMPurify.sanitize(marked(str));
};
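Review bot: The new `return DOMPurify.sanitize(marked(str));` in `markedImpl` assumes DOMPurify is usable at runtime and never checks it. As far as I know, DOMPurify 2.x sets `isSupported` to false when it cannot find a suitable DOM, and in that state `sanitize` is either missing or hands the markup back unchanged, so the sanitising step can fail open. A guard before the return, `if (!DOMPurify.isSupported) return "";`, would make that case fail closed. A short comment above the return would also help the next reader, for example `// sanitize the rendered HTML, not the markdown source; marked passes inline HTML through` (true unless the `setOptions` lines outside the hunk change it). If the rendered markdown never needs SVG or MathML, a narrower call such as `DOMPurify.sanitize(marked(str), { USE_PROFILES: { html: true } })` is worth considering.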
8 changes: 6 additions & 2 deletions static/js/app.min.js

Large diffs are not rendered by default.

Binary file modified static/js/app.min.js.gz
Binary file not shown.
2 changes: 1 addition & 1 deletion static/js/app.min.js.map

Large diffs are not rendered by default.

Binary file modified static/js/app.min.js.map.gz
Binary file not shown.
