Sanitize HTML code

using DOMPurify v1.0.2
Fixes https://github.com/PrivateBin/PrivateBin/issues/183
rugk 2017-11-21 21:22:51 +01:00
parent bccb349226
commit b6d7d56774
No known key found for this signature in database
GPG key ID: 05D40A636AFAB34D
4 changed files with 8 additions and 3 deletions


@ -1761,8 +1761,9 @@ jQuery.PrivateBin = function($, sjcl, Base64, RawDeflate) {
tables: true,
tablesHeaderId: true
});
// let showdown convert the HTML and sanitize HTML *afterwards*!
$plainText.html(
converter.makeHtml(text)
DOMPurify.sanitize(converter.makeHtml(text), {SAFE_FOR_JQUERY: true})
);
// add table classes from bootstrap css
$plainText.find('table').addClass('table-condensed table-bordered');
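Review bot: The new `$plainText.html(...)` argument references `DOMPurify` as an implicit global, while the enclosing module takes its other dependencies (`$`, `sjcl`, `Base64`, `RawDeflate`) as parameters of `jQuery.PrivateBin`; injecting it the same way would make a missing or late-loaded library a visible error at module setup instead of a ReferenceError at render time, and keeps the dependency discoverable. The `SAFE_FOR_JQUERY: true` option is not explained; a comment such as `// SAFE_FOR_JQUERY: output is handed to jQuery's .html(), keep DOMPurify's jQuery-safe escaping` would tell the next maintainer why it must not be dropped. Sanitizing here covers only this Markdown rendering path; any other path that inserts converted content with `.html()` presumably needs the same treatment (the other three changed files are not visible in this excerpt). The enclosing function `jQuery.PrivateBin` starts outside the hunk.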