diff --git a/package.json b/package.json
index 1d0aeb6..01b34ce 100644
--- a/package.json
+++ b/package.json
@@ -48,6 +48,7 @@
"inferno-devtools": "^3.6.1",
"marked": "^0.3.6",
"papaparse": "^4.3.3",
+ "sanitize-html": "^1.14.1",
"store": "^2.0.12"
}
}
diff --git a/src/components/display/DictionaryDetails/DetailsSection/PhonologyDisplay.jsx b/src/components/display/DictionaryDetails/DetailsSection/PhonologyDisplay.jsx
index 6e0e4ea..b6cff4a 100644
--- a/src/components/display/DictionaryDetails/DetailsSection/PhonologyDisplay.jsx
+++ b/src/components/display/DictionaryDetails/DetailsSection/PhonologyDisplay.jsx
@@ -1,6 +1,7 @@
import Inferno from 'inferno';
import Component from 'inferno-component';
import marked from 'marked';
+import sanitizeHtml from 'sanitize-html';
export const PhonologyDisplay = ({ phonologyContent }) => {
return (
@@ -128,7 +129,7 @@ export const PhonologyDisplay = ({ phonologyContent }) => {
Exceptions:
diff --git a/src/components/display/DictionaryDetails/DetailsSection/index.jsx b/src/components/display/DictionaryDetails/DetailsSection/index.jsx
index 281bece..e50c34f 100644
--- a/src/components/display/DictionaryDetails/DetailsSection/index.jsx
+++ b/src/components/display/DictionaryDetails/DetailsSection/index.jsx
@@ -1,6 +1,7 @@
import Inferno from 'inferno';
import Component from 'inferno-component';
import marked from 'marked';
+import sanitizeHtml from 'sanitize-html';
import { PhonologyDisplay } from './PhonologyDisplay';
@@ -48,10 +49,11 @@ export class DetailsSection extends Component {
}
}
} else {
+ const sanitizedCustomTabContent = sanitizeHtml(details.custom[currentDisplay - defaultMenuLength].content);
return (
);
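Review bot: The new `sanitizedCustomTabContent` is computed here but consumed inside the collapsed `return (…)` body, so the hunk does not show whether it is rendered directly or passed through `marked` first; if it goes through `marked`, the sanitizer should wrap the rendered output (`sanitizeHtml(marked(content))`) rather than the source, since it cannot see the HTML `marked` generates from markdown syntax and, as far as I recall, sanitize-html escapes text nodes, which would turn a `>` blockquote marker into `&gt;` before parsing. Separately, `details.custom[currentDisplay - defaultMenuLength].content` throws a TypeError if that index has no entry; if the `else` branch guarantees the index is in range, a short comment stating that invariant would make the unguarded access easier to trust, e.g. `// else branch: currentDisplay indexes a custom tab, so this entry exists`. The enclosing method starts and ends outside the hunk.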
diff --git a/src/components/display/DictionaryDetails/index.jsx b/src/components/display/DictionaryDetails/index.jsx
index 5694770..c838f63 100644
--- a/src/components/display/DictionaryDetails/index.jsx
+++ b/src/components/display/DictionaryDetails/index.jsx
@@ -1,6 +1,7 @@
import Inferno from 'inferno';
import Component from 'inferno-component';
import marked from 'marked';
+import sanitizeHtml from 'sanitize-html';
import { EditDictionaryModal } from '../../management/EditDictionaryModal';
import { DetailsSection } from './DetailsSection';
@@ -20,7 +21,7 @@ export class DictionaryDetails extends Component {
currentDisplay: DISPLAY.NONE,
}
- this._descriptionHTML = marked(props.description);
+ this._descriptionHTML = marked(sanitizeHtml(props.description));
}
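Review bot: The sanitizer runs on the markdown source rather than on the rendered HTML, so `marked(sanitizeHtml(props.description))` leaves whatever `marked` generates from markdown syntax unchecked, and sanitize-html's escaping of text nodes (as I recall its 1.x releases do) can alter markdown before it is parsed, for example a `>` blockquote marker becoming `&gt;`. Applying the sanitizer to the output covers both cases: `this._descriptionHTML = sanitizeHtml(marked(props.description));`. The same ordering appears in the componentWillReceiveProps hunk below and should change the same way. The constructor this line belongs to starts outside the hunk.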
componentWillReceiveProps (nextProps) {
@@ -28,7 +29,7 @@ export class DictionaryDetails extends Component {
nextDescription = nextProps.description;
if (currentDescription !== nextDescription) {
- this._descriptionHTML = marked(nextProps.description);
+ this._descriptionHTML = marked(sanitizeHtml(nextProps.description));
}
}
diff --git a/yarn.lock b/yarn.lock
index 0419e91..a579b52 100644
--- a/yarn.lock
+++ b/yarn.lock
@@ -1091,10 +1091,38 @@ dns-txt@^2.0.2:
dependencies:
buffer-indexof "^1.0.0"
+dom-serializer@0:
+ version "0.1.0"
+ resolved "https://registry.yarnpkg.com/dom-serializer/-/dom-serializer-0.1.0.tgz#073c697546ce0780ce23be4a28e293e40bc30c82"
+ dependencies:
+ domelementtype "~1.1.1"
+ entities "~1.1.1"
+
domain-browser@^1.1.1:
version "1.1.7"
resolved "https://registry.yarnpkg.com/domain-browser/-/domain-browser-1.1.7.tgz#867aa4b093faa05f1de08c06f4d7b21fdf8698bc"
+domelementtype@1, domelementtype@^1.3.0:
+ version "1.3.0"
+ resolved "https://registry.yarnpkg.com/domelementtype/-/domelementtype-1.3.0.tgz#b17aed82e8ab59e52dd9c19b1756e0fc187204c2"
+
+domelementtype@~1.1.1:
+ version "1.1.3"
+ resolved "https://registry.yarnpkg.com/domelementtype/-/domelementtype-1.1.3.tgz#bd28773e2642881aec51544924299c5cd822185b"
+
+domhandler@^2.3.0:
+ version "2.4.1"
+ resolved "https://registry.yarnpkg.com/domhandler/-/domhandler-2.4.1.tgz#892e47000a99be55bbf3774ffea0561d8879c259"
+ dependencies:
+ domelementtype "1"
+
+domutils@^1.5.1:
+ version "1.6.2"
+ resolved "https://registry.yarnpkg.com/domutils/-/domutils-1.6.2.tgz#1958cc0b4c9426e9ed367fb1c8e854891b0fa3ff"
+ dependencies:
+ dom-serializer "0"
+ domelementtype "1"
+
ecc-jsbn@~0.1.1:
version "0.1.1"
resolved "https://registry.yarnpkg.com/ecc-jsbn/-/ecc-jsbn-0.1.1.tgz#0fc73a9ed5f0d53c38193398523ef7e543777505"
@@ -1138,6 +1166,10 @@ enhanced-resolve@^3.0.0:
object-assign "^4.0.1"
tapable "^0.2.5"
+entities@^1.1.1, entities@~1.1.1:
+ version "1.1.1"
+ resolved "https://registry.yarnpkg.com/entities/-/entities-1.1.1.tgz#6e5c2d0a5621b5dadaecef80b90edfb5cd7772f0"
+
errno@^0.1.3:
version "0.1.4"
resolved "https://registry.yarnpkg.com/errno/-/errno-0.1.4.tgz#b896e23a9e5e8ba33871fc996abd3635fc9a1c7d"
@@ -1745,6 +1777,17 @@ html-minifier@^3.0.1:
relateurl "0.2.x"
uglify-js "~2.8.22"
+htmlparser2@^3.9.0:
+ version "3.9.2"
+ resolved "https://registry.yarnpkg.com/htmlparser2/-/htmlparser2-3.9.2.tgz#1bdf87acca0f3f9e53fa4fcceb0f4b4cbb00b338"
+ dependencies:
+ domelementtype "^1.3.0"
+ domhandler "^2.3.0"
+ domutils "^1.5.1"
+ entities "^1.1.1"
+ inherits "^2.0.1"
+ readable-stream "^2.0.2"
+
http-deceiver@^1.2.7:
version "1.2.7"
resolved "https://registry.yarnpkg.com/http-deceiver/-/http-deceiver-1.2.7.tgz#fa7168944ab9a519d337cb0bec7284dc3e723d87"
@@ -3240,6 +3283,10 @@ regex-cache@^0.4.2:
is-equal-shallow "^0.1.3"
is-primitive "^2.0.0"
+regexp-quote@0.0.0:
+ version "0.0.0"
+ resolved "https://registry.yarnpkg.com/regexp-quote/-/regexp-quote-0.0.0.tgz#1e0f4650c862dcbfed54fd42b148e9bb1721fcf2"
+
regexpu-core@^1.0.0:
version "1.0.0"
resolved "https://registry.yarnpkg.com/regexpu-core/-/regexpu-core-1.0.0.tgz#86a763f58ee4d7c2f6b102e4764050de7ed90c6b"
@@ -3343,6 +3390,14 @@ safe-buffer@^5.0.1:
version "5.0.1"
resolved "https://registry.yarnpkg.com/safe-buffer/-/safe-buffer-5.0.1.tgz#d263ca54696cd8a306b5ca6551e92de57918fbe7"
+sanitize-html@^1.14.1:
+ version "1.14.1"
+ resolved "https://registry.yarnpkg.com/sanitize-html/-/sanitize-html-1.14.1.tgz#730ffa2249bdf18333effe45b286173c9c5ad0b8"
+ dependencies:
+ htmlparser2 "^3.9.0"
+ regexp-quote "0.0.0"
+ xtend "^4.0.0"
+
sass-graph@^2.1.1:
version "2.1.2"
resolved "https://registry.yarnpkg.com/sass-graph/-/sass-graph-2.1.2.tgz#965104be23e8103cb7e5f710df65935b317da57b"