Use DOMPurify to sanitize attributes in Content Editor
Use DOMPurify isValidAttribute function to ensure that the attributes processed by the client-side deserializer are not dangerous
- app/assets/javascripts/content_editor/services/hast_to_prosemirror_converter.js: 7 additions, 6 deletions
- app/assets/javascripts/content_editor/services/remark_markdown_deserializer.js: 24 additions, 17 deletions
- app/assets/javascripts/lib/dompurify.js: 2 additions, 0 deletions
- glfm_specification/example_snapshots/html.yml: 130 additions, 130 deletions
- glfm_specification/example_snapshots/prosemirror_json.yml: 148 additions, 148 deletions
- spec/frontend/content_editor/remark_markdown_processing_spec.js: 80 additions, 12 deletions
- spec/frontend/content_editor/services/markdown_serializer_spec.js: 41 additions, 41 deletions