feat: filter HTML content during rendering to prevent XSS attacks (#844)
ayangweb authored Nov 26, 2024
1 parent 7f9fafa commit d2c4f51
Showing 3 changed files with 19 additions and 1 deletion.
1 change: 1 addition & 0 deletions package.json
Expand Up @@ -42,6 +42,7 @@
"antd": "^5.22.2",
"clsx": "^2.1.1",
"dayjs": "^1.11.13",
"dompurify": "^3.2.1",
"filesize": "^10.1.6",
"i18next": "^23.16.8",
"is-url": "^1.2.4",
16 changes: 16 additions & 0 deletions pnpm-lock.yaml

Some generated files are not rendered by default.

@@ -1,4 +1,5 @@
import type { HistoryTablePayload } from "@/types/database";
import DOMPurify from "dompurify";
import type { FC } from "react";

const HTML: FC<Partial<HistoryTablePayload>> = (props) => {
Expand Down Expand Up @@ -35,8 +36,8 @@ const HTML: FC<Partial<HistoryTablePayload>> = (props) => {
return (
<div
ref={containerRef}
dangerouslySetInnerHTML={{ __html: value }}
className="translate-z-0"
dangerouslySetInnerHTML={{ __html: DOMPurify.sanitize(value) }}
/>
);
};
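
Review bot: DOMPurify.sanitize(value) in the dangerouslySetInnerHTML prop runs with no configuration, so the library's default allow-list applies. That removes script execution vectors, but the defaults still let through markup such as <style>, <form> and remote <img src>, which can restyle the surrounding UI or trigger network requests when an entry is rendered. If this component only needs to display formatted content, consider passing an explicit config, e.g. DOMPurify.sanitize(value, { USE_PROFILES: { html: true }, FORBID_TAGS: ["style", "form"] }). Two smaller points: the call runs on every render, so wrapping it in useMemo keyed on value avoids re-sanitizing large payloads, and since props is Partial<HistoryTablePayload>, confirm value is always a string by the time it reaches this call.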