sanitize marked output with DOMPurify
parent
db00a1365c
commit
3ecb38b89a
9679
purs/package-lock.json
generated
9679
purs/package-lock.json
generated
File diff suppressed because it is too large
|
@ -16,5 +16,7 @@
|
|||
"spago": "^0.20.3",
|
||||
"terser": "^5.7.2"
|
||||
},
|
||||
"dependencies": {}
|
||||
"dependencies": {
|
||||
"dompurify": "^2.3.3"
|
||||
}
|
||||
}
|
||||
|
|
|
@ -15,15 +15,6 @@ exports._closest = function(just, nothing, selector, el) {
|
|||
}
|
||||
}
|
||||
|
||||
exports._innerHtml = function(el) {
|
||||
return el.innerHTML;
|
||||
}
|
||||
|
||||
exports._setInnerHtml = function(content, el) {
|
||||
el.innerHTML = content;
|
||||
return el;
|
||||
}
|
||||
|
||||
exports._createFormData = function(formElement) {
|
||||
return new FormData(formElement);
|
||||
}
|
||||
|
|
|
@ -51,16 +51,6 @@ foreign import _mmoment8601 :: forall a. Fn4 (a -> Maybe a) (Maybe a) (String ->
|
|||
mmoment8601 :: String -> Maybe (Tuple String String)
|
||||
mmoment8601 s = runFn4 _mmoment8601 Just Nothing Tuple s
|
||||
|
||||
foreign import _innerHtml :: EffectFn1 HTMLElement String
|
||||
|
||||
innerHtml :: HTMLElement -> Effect String
|
||||
innerHtml n = runEffectFn1 _innerHtml n
|
||||
|
||||
foreign import _setInnerHtml :: EffectFn2 String HTMLElement HTMLElement
|
||||
|
||||
setInnerHtml :: String -> HTMLElement -> Effect HTMLElement
|
||||
setInnerHtml c n = runEffectFn2 _setInnerHtml c n
|
||||
|
||||
foreign import _createFormData :: Fn1 HTMLFormElement FormData
|
||||
|
||||
createFormData :: HTMLFormElement -> FormData
|
||||
|
|
|
@ -1,4 +1,5 @@
|
|||
var marked = require("marked");
|
||||
var DOMPurify = require("dompurify");
|
||||
|
||||
marked.setOptions({
|
||||
pedantic: false,
|
||||
|
@ -7,5 +8,5 @@ marked.setOptions({
|
|||
|
||||
exports.markedImpl = function(str) {
|
||||
if (!str) return "";
|
||||
return marked(str);
|
||||
return DOMPurify.sanitize(marked(str));
|
||||
};
|
||||
|
|
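Review bot: The new `return DOMPurify.sanitize(marked(str));` line in `markedImpl` can fail open, because DOMPurify 2.x documents that when the browser lacks the DOM features it needs (`DOMPurify.isSupported` is false) `sanitize` falls back to `toStaticHTML` where available and otherwise returns its input unchanged. On such a client the raw `marked` output would still reach whatever inserts it into the page. Extending the existing guard to `if (!str || !DOMPurify.isSupported) return "";` would make the function fail closed. A one-line comment above the return, such as `// callers treat this string as safe HTML; keep sanitize as the last step`, would record the contract, since the sink that renders the result is not visible in this commit.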
8
static/js/app.min.js
vendored
8
static/js/app.min.js
vendored
File diff suppressed because one or more lines are too long
Binary file not shown.
File diff suppressed because one or more lines are too long
Binary file not shown.