Add sanitize-html for content displayed via dangerouslySetInnerHTML

This commit is contained in:
Robbie Antenesse 2017-08-19 11:00:39 -06:00
parent 6bb8a6306a
commit 575264fb4f
5 changed files with 64 additions and 4 deletions


@ -48,6 +48,7 @@
"inferno-devtools": "^3.6.1",
"marked": "^0.3.6",
"papaparse": "^4.3.3",
"sanitize-html": "^1.14.1",
"store": "^2.0.12"
}
}


@ -1,6 +1,7 @@
import Inferno from 'inferno';
import Component from 'inferno-component';
import marked from 'marked';
import sanitizeHtml from 'sanitize-html';
export const PhonologyDisplay = ({ phonologyContent }) => {
return (
@ -128,7 +129,7 @@ export const PhonologyDisplay = ({ phonologyContent }) => {
<strong>Exceptions:</strong>
<div className="content"
dangerouslySetInnerHTML={{
__html: marked(phonologyContent.phonotactics.exceptions),
__html: marked(sanitizeHtml(phonologyContent.phonotactics.exceptions)),
}} />
</div>
</div>
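Review bot: The sanitizer is applied on the wrong side of the Markdown renderer: `marked(sanitizeHtml(...))` on the `__html` line cleans the raw Markdown source, but the HTML that actually reaches dangerouslySetInnerHTML is whatever marked emits afterwards, and Markdown constructs (link and image destinations, autolinks, inline HTML that marked passes through) become tags and attributes that sanitize-html never inspected. Sanitizing the source first may also alter legitimate content, since characters such as `<` and `&` inside inline code or prose are treated as markup at that stage. The robust order is to render first and sanitize the output: `__html: sanitizeHtml(marked(phonologyContent.phonotactics.exceptions)),`. The same inversion appears in DetailsSection (`marked(sanitizedCustomTabContent)`, where the variable holds sanitized Markdown rather than sanitized HTML) and in both DictionaryDetails assignments to `this._descriptionHTML`. The PhonologyDisplay body begins and ends outside this hunk.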


@ -1,6 +1,7 @@
import Inferno from 'inferno';
import Component from 'inferno-component';
import marked from 'marked';
import sanitizeHtml from 'sanitize-html';
import { PhonologyDisplay } from './PhonologyDisplay';
@ -48,10 +49,11 @@ export class DetailsSection extends Component {
}
}
} else {
const sanitizedCustomTabContent = sanitizeHtml(details.custom[currentDisplay - defaultMenuLength].content);
return (
<div className='content'>
<div dangerouslySetInnerHTML={{
__html: marked(details.custom[currentDisplay - defaultMenuLength].content),
__html: marked(sanitizedCustomTabContent),
}} />
</div>
);


@ -1,6 +1,7 @@
import Inferno from 'inferno';
import Component from 'inferno-component';
import marked from 'marked';
import sanitizeHtml from 'sanitize-html';
import { EditDictionaryModal } from '../../management/EditDictionaryModal';
import { DetailsSection } from './DetailsSection';
@ -20,7 +21,7 @@ export class DictionaryDetails extends Component {
currentDisplay: DISPLAY.NONE,
}
this._descriptionHTML = marked(props.description);
this._descriptionHTML = marked(sanitizeHtml(props.description));
}
componentWillReceiveProps (nextProps) {
@ -28,7 +29,7 @@ export class DictionaryDetails extends Component {
nextDescription = nextProps.description;
if (currentDescription !== nextDescription) {
this._descriptionHTML = marked(nextProps.description);
this._descriptionHTML = marked(sanitizeHtml(nextProps.description));
}
}


@ -1091,10 +1091,38 @@ dns-txt@^2.0.2:
dependencies:
buffer-indexof "^1.0.0"
dom-serializer@0:
version "0.1.0"
resolved "https://registry.yarnpkg.com/dom-serializer/-/dom-serializer-0.1.0.tgz#073c697546ce0780ce23be4a28e293e40bc30c82"
dependencies:
domelementtype "~1.1.1"
entities "~1.1.1"
domain-browser@^1.1.1:
version "1.1.7"
resolved "https://registry.yarnpkg.com/domain-browser/-/domain-browser-1.1.7.tgz#867aa4b093faa05f1de08c06f4d7b21fdf8698bc"
domelementtype@1, domelementtype@^1.3.0:
version "1.3.0"
resolved "https://registry.yarnpkg.com/domelementtype/-/domelementtype-1.3.0.tgz#b17aed82e8ab59e52dd9c19b1756e0fc187204c2"
domelementtype@~1.1.1:
version "1.1.3"
resolved "https://registry.yarnpkg.com/domelementtype/-/domelementtype-1.1.3.tgz#bd28773e2642881aec51544924299c5cd822185b"
domhandler@^2.3.0:
version "2.4.1"
resolved "https://registry.yarnpkg.com/domhandler/-/domhandler-2.4.1.tgz#892e47000a99be55bbf3774ffea0561d8879c259"
dependencies:
domelementtype "1"
domutils@^1.5.1:
version "1.6.2"
resolved "https://registry.yarnpkg.com/domutils/-/domutils-1.6.2.tgz#1958cc0b4c9426e9ed367fb1c8e854891b0fa3ff"
dependencies:
dom-serializer "0"
domelementtype "1"
ecc-jsbn@~0.1.1:
version "0.1.1"
resolved "https://registry.yarnpkg.com/ecc-jsbn/-/ecc-jsbn-0.1.1.tgz#0fc73a9ed5f0d53c38193398523ef7e543777505"
@ -1138,6 +1166,10 @@ enhanced-resolve@^3.0.0:
object-assign "^4.0.1"
tapable "^0.2.5"
entities@^1.1.1, entities@~1.1.1:
version "1.1.1"
resolved "https://registry.yarnpkg.com/entities/-/entities-1.1.1.tgz#6e5c2d0a5621b5dadaecef80b90edfb5cd7772f0"
errno@^0.1.3:
version "0.1.4"
resolved "https://registry.yarnpkg.com/errno/-/errno-0.1.4.tgz#b896e23a9e5e8ba33871fc996abd3635fc9a1c7d"
@ -1745,6 +1777,17 @@ html-minifier@^3.0.1:
relateurl "0.2.x"
uglify-js "~2.8.22"
htmlparser2@^3.9.0:
version "3.9.2"
resolved "https://registry.yarnpkg.com/htmlparser2/-/htmlparser2-3.9.2.tgz#1bdf87acca0f3f9e53fa4fcceb0f4b4cbb00b338"
dependencies:
domelementtype "^1.3.0"
domhandler "^2.3.0"
domutils "^1.5.1"
entities "^1.1.1"
inherits "^2.0.1"
readable-stream "^2.0.2"
http-deceiver@^1.2.7:
version "1.2.7"
resolved "https://registry.yarnpkg.com/http-deceiver/-/http-deceiver-1.2.7.tgz#fa7168944ab9a519d337cb0bec7284dc3e723d87"
@ -3240,6 +3283,10 @@ regex-cache@^0.4.2:
is-equal-shallow "^0.1.3"
is-primitive "^2.0.0"
regexp-quote@0.0.0:
version "0.0.0"
resolved "https://registry.yarnpkg.com/regexp-quote/-/regexp-quote-0.0.0.tgz#1e0f4650c862dcbfed54fd42b148e9bb1721fcf2"
regexpu-core@^1.0.0:
version "1.0.0"
resolved "https://registry.yarnpkg.com/regexpu-core/-/regexpu-core-1.0.0.tgz#86a763f58ee4d7c2f6b102e4764050de7ed90c6b"
@ -3343,6 +3390,14 @@ safe-buffer@^5.0.1:
version "5.0.1"
resolved "https://registry.yarnpkg.com/safe-buffer/-/safe-buffer-5.0.1.tgz#d263ca54696cd8a306b5ca6551e92de57918fbe7"
sanitize-html@^1.14.1:
version "1.14.1"
resolved "https://registry.yarnpkg.com/sanitize-html/-/sanitize-html-1.14.1.tgz#730ffa2249bdf18333effe45b286173c9c5ad0b8"
dependencies:
htmlparser2 "^3.9.0"
regexp-quote "0.0.0"
xtend "^4.0.0"
sass-graph@^2.1.1:
version "2.1.2"
resolved "https://registry.yarnpkg.com/sass-graph/-/sass-graph-2.1.2.tgz#965104be23e8103cb7e5f710df65935b317da57b"