Use dompurify to sanitize markedown rendering
mtsgrd committed Feb 21, 2025
1 parent 9a1236b commit 8da5bd7
Showing 7 changed files with 56 additions and 43 deletions.
2 changes: 1 addition & 1 deletion apps/desktop/src/components/CommitCard.svelte
Expand Up @@ -27,8 +27,8 @@
import Tooltip from '@gitbutler/ui/Tooltip.svelte';
import PopoverActionsContainer from '@gitbutler/ui/popoverActions/PopoverActionsContainer.svelte';
import PopoverActionsItem from '@gitbutler/ui/popoverActions/PopoverActionsItem.svelte';
import { marked } from '@gitbutler/ui/utils/marked';
import { getTimeAgo } from '@gitbutler/ui/utils/timeAgo';
import { marked } from 'marked';
import { type Snippet } from 'svelte';
const userService = getContext(UserService);
Expand Up @@ -9,8 +9,8 @@
import Icon from '@gitbutler/ui/Icon.svelte';
import Modal from '@gitbutler/ui/Modal.svelte';
import Tooltip from '@gitbutler/ui/Tooltip.svelte';
import { marked } from '@gitbutler/ui/utils/marked';
import { getTimeAgo } from '@gitbutler/ui/utils/timeAgo';
import { marked } from 'marked';
import type { Commit, WorkspaceBranch } from '$lib/branches/v3';
interface Props {
2 changes: 1 addition & 1 deletion apps/web/src/routes/downloads/+page.svelte
@@ -1,5 +1,5 @@
<script lang="ts">
import { marked } from 'marked';
import { marked } from '@gitbutler/ui/utils/marked';
import type { Build, Release } from '$lib/types/releases';
interface Props {
@@ -1,8 +1,8 @@
<script lang="ts">
import { getContext } from '@gitbutler/shared/context';
import { HttpClient } from '@gitbutler/shared/network/httpClient';
import { marked } from '@gitbutler/ui/utils/marked';
import hljs from 'highlight.js';
import { marked } from 'marked';
import { onMount } from 'svelte';
import { env } from '$env/dynamic/public';
1 change: 1 addition & 0 deletions packages/ui/package.json
Expand Up @@ -68,6 +68,7 @@
"cpy-cli": "^5.0.0",
"dayjs": "^1.11.13",
"diff-match-patch": "^1.0.5",
"isomorphic-dompurify": "^2.22.0",
"marked": "catalog:",
"playwright": "1.47.0",
"postcss": "^8.4.49",
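Review bot: `isomorphic-dompurify` is added on line 63 with a caret range (`^2.22.0`) while `marked` on the next line resolves through the pnpm catalog (`"marked": "catalog:"`); since this package now carries the sanitizer every markdown render in the repo relies on, declaring it as `"isomorphic-dompurify": "catalog:"` too keeps its version pinned in one place and makes upgrades reviewable alongside marked. The catalog definition itself is outside this commit, so whether an entry already exists is inferred.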
6 changes: 6 additions & 0 deletions packages/ui/src/lib/utils/marked.ts
@@ -0,0 +1,6 @@
import DOMPurify from 'isomorphic-dompurify';
import { marked as markedLib } from 'marked';

// eslint-disable-next-line func-style
export const marked: (arg: string) => string = (value: string) =>
DOMPurify.sanitize(markedLib.parse(value, { async: false }));
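Review bot: The new wrapper on lines 75-76 carries no documentation of its contract — that the returned string is HTML already passed through DOMPurify's default configuration and is what callers are expected to hand to Svelte's @html — and the `func-style` suppression on line 74 is only needed because it is written as a typed const; a declaration states the same signature without it: `/** Markdown → HTML, sanitized with DOMPurify's default profile; the only form callers may render with @html. */` then `export function marked(value: string): string {` / `  return DOMPurify.sanitize(markedLib.parse(value, { async: false }));` / `}`. Because the protection holds only while every caller goes through this module, and the CommitCard.svelte and downloads/+page.svelte sections show the imports being swapped by hand, an ESLint `no-restricted-imports` entry for `'marked'` in the app packages would keep a future direct import from bypassing the sanitizer. `{ async: false }` also means marked is expected to throw if an async extension is ever registered, which is presumably acceptable here but worth a one-line comment.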
84 changes: 45 additions & 39 deletions pnpm-lock.yaml

