Add sanitize-html for content displayed via dangerouslySetInnerHtml
parent
6bb8a6306a
commit
575264fb4f
|
@ -48,6 +48,7 @@
|
||||||
"inferno-devtools": "^3.6.1",
|
"inferno-devtools": "^3.6.1",
|
||||||
"marked": "^0.3.6",
|
"marked": "^0.3.6",
|
||||||
"papaparse": "^4.3.3",
|
"papaparse": "^4.3.3",
|
||||||
|
"sanitize-html": "^1.14.1",
|
||||||
"store": "^2.0.12"
|
"store": "^2.0.12"
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,6 +1,7 @@
|
||||||
import Inferno from 'inferno';
|
import Inferno from 'inferno';
|
||||||
import Component from 'inferno-component';
|
import Component from 'inferno-component';
|
||||||
import marked from 'marked';
|
import marked from 'marked';
|
||||||
|
import sanitizeHtml from 'sanitize-html';
|
||||||
|
|
||||||
export const PhonologyDisplay = ({ phonologyContent }) => {
|
export const PhonologyDisplay = ({ phonologyContent }) => {
|
||||||
return (
|
return (
|
||||||
|
@ -128,7 +129,7 @@ export const PhonologyDisplay = ({ phonologyContent }) => {
|
||||||
<strong>Exceptions:</strong>
|
<strong>Exceptions:</strong>
|
||||||
<div className="content"
|
<div className="content"
|
||||||
dangerouslySetInnerHTML={{
|
dangerouslySetInnerHTML={{
|
||||||
__html: marked(phonologyContent.phonotactics.exceptions),
|
__html: marked(sanitizeHtml(phonologyContent.phonotactics.exceptions)),
|
||||||
}} />
|
}} />
|
||||||
</div>
|
</div>
|
||||||
</div>
|
</div>
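Review bot: The sanitizer runs on the Markdown source rather than on the HTML that reaches `dangerouslySetInnerHTML`: in `__html: marked(sanitizeHtml(phonologyContent.phonotactics.exceptions)),` the markup that `marked` generates from Markdown syntax (link and image URLs, for example) is never filtered, and sanitizing first can also entity-escape characters such as `>` and `&` that the Markdown depends on. Reverse the composition so the sanitizer is the last step before the DOM: `__html: sanitizeHtml(marked(phonologyContent.phonotactics.exceptions)),`. The same ordering appears in the DetailsSection hunk (`sanitizedCustomTabContent`) and in both DictionaryDetails hunks (`this._descriptionHTML`). Once the order is reversed, compare the sanitize-html default allow-list with what `marked` emits; tags outside it (headings and images are likely candidates in this version) are dropped unless `allowedTags`/`allowedAttributes` are set explicitly.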
|
||||||
|
|
|
@ -1,6 +1,7 @@
|
||||||
import Inferno from 'inferno';
|
import Inferno from 'inferno';
|
||||||
import Component from 'inferno-component';
|
import Component from 'inferno-component';
|
||||||
import marked from 'marked';
|
import marked from 'marked';
|
||||||
|
import sanitizeHtml from 'sanitize-html';
|
||||||
|
|
||||||
import { PhonologyDisplay } from './PhonologyDisplay';
|
import { PhonologyDisplay } from './PhonologyDisplay';
|
||||||
|
|
||||||
|
@ -48,10 +49,11 @@ export class DetailsSection extends Component {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
} else {
|
} else {
|
||||||
|
const sanitizedCustomTabContent = sanitizeHtml(details.custom[currentDisplay - defaultMenuLength].content);
|
||||||
return (
|
return (
|
||||||
<div className='content'>
|
<div className='content'>
|
||||||
<div dangerouslySetInnerHTML={{
|
<div dangerouslySetInnerHTML={{
|
||||||
__html: marked(details.custom[currentDisplay - defaultMenuLength].content),
|
__html: marked(sanitizedCustomTabContent),
|
||||||
}} />
|
}} />
|
||||||
</div>
|
</div>
|
||||||
);
|
);
|
||||||
|
|
|
@ -1,6 +1,7 @@
|
||||||
import Inferno from 'inferno';
|
import Inferno from 'inferno';
|
||||||
import Component from 'inferno-component';
|
import Component from 'inferno-component';
|
||||||
import marked from 'marked';
|
import marked from 'marked';
|
||||||
|
import sanitizeHtml from 'sanitize-html';
|
||||||
|
|
||||||
import { EditDictionaryModal } from '../../management/EditDictionaryModal';
|
import { EditDictionaryModal } from '../../management/EditDictionaryModal';
|
||||||
import { DetailsSection } from './DetailsSection';
|
import { DetailsSection } from './DetailsSection';
|
||||||
|
@ -20,7 +21,7 @@ export class DictionaryDetails extends Component {
|
||||||
currentDisplay: DISPLAY.NONE,
|
currentDisplay: DISPLAY.NONE,
|
||||||
}
|
}
|
||||||
|
|
||||||
this._descriptionHTML = marked(props.description);
|
this._descriptionHTML = marked(sanitizeHtml(props.description));
|
||||||
}
|
}
|
||||||
|
|
||||||
componentWillReceiveProps (nextProps) {
|
componentWillReceiveProps (nextProps) {
|
||||||
|
@ -28,7 +29,7 @@ export class DictionaryDetails extends Component {
|
||||||
nextDescription = nextProps.description;
|
nextDescription = nextProps.description;
|
||||||
|
|
||||||
if (currentDescription !== nextDescription) {
|
if (currentDescription !== nextDescription) {
|
||||||
this._descriptionHTML = marked(nextProps.description);
|
this._descriptionHTML = marked(sanitizeHtml(nextProps.description));
|
||||||
}
|
}
|
||||||
}
|
}
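Review bot: The sanitize-and-render expression is now spelled out twice in this component (the constructor and `componentWillReceiveProps`) and again in DetailsSection and PhonologyDisplay, so the rendering policy has four copies to keep in sync. A single shared helper with the sanitizer as the outermost call, for example `const renderMarkdown = (source) => sanitizeHtml(marked(source));`, would make a later option change or sanitizer upgrade a one-place edit. Give it a one-line comment stating that its return value is the only string that may be handed to `dangerouslySetInnerHTML`. Both methods start and end outside the hunks shown.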
|
||||||
|
|
||||||
|
|
55
yarn.lock
55
yarn.lock
|
@ -1091,10 +1091,38 @@ dns-txt@^2.0.2:
|
||||||
dependencies:
|
dependencies:
|
||||||
buffer-indexof "^1.0.0"
|
buffer-indexof "^1.0.0"
|
||||||
|
|
||||||
|
dom-serializer@0:
|
||||||
|
version "0.1.0"
|
||||||
|
resolved "https://registry.yarnpkg.com/dom-serializer/-/dom-serializer-0.1.0.tgz#073c697546ce0780ce23be4a28e293e40bc30c82"
|
||||||
|
dependencies:
|
||||||
|
domelementtype "~1.1.1"
|
||||||
|
entities "~1.1.1"
|
||||||
|
|
||||||
domain-browser@^1.1.1:
|
domain-browser@^1.1.1:
|
||||||
version "1.1.7"
|
version "1.1.7"
|
||||||
resolved "https://registry.yarnpkg.com/domain-browser/-/domain-browser-1.1.7.tgz#867aa4b093faa05f1de08c06f4d7b21fdf8698bc"
|
resolved "https://registry.yarnpkg.com/domain-browser/-/domain-browser-1.1.7.tgz#867aa4b093faa05f1de08c06f4d7b21fdf8698bc"
|
||||||
|
|
||||||
|
domelementtype@1, domelementtype@^1.3.0:
|
||||||
|
version "1.3.0"
|
||||||
|
resolved "https://registry.yarnpkg.com/domelementtype/-/domelementtype-1.3.0.tgz#b17aed82e8ab59e52dd9c19b1756e0fc187204c2"
|
||||||
|
|
||||||
|
domelementtype@~1.1.1:
|
||||||
|
version "1.1.3"
|
||||||
|
resolved "https://registry.yarnpkg.com/domelementtype/-/domelementtype-1.1.3.tgz#bd28773e2642881aec51544924299c5cd822185b"
|
||||||
|
|
||||||
|
domhandler@^2.3.0:
|
||||||
|
version "2.4.1"
|
||||||
|
resolved "https://registry.yarnpkg.com/domhandler/-/domhandler-2.4.1.tgz#892e47000a99be55bbf3774ffea0561d8879c259"
|
||||||
|
dependencies:
|
||||||
|
domelementtype "1"
|
||||||
|
|
||||||
|
domutils@^1.5.1:
|
||||||
|
version "1.6.2"
|
||||||
|
resolved "https://registry.yarnpkg.com/domutils/-/domutils-1.6.2.tgz#1958cc0b4c9426e9ed367fb1c8e854891b0fa3ff"
|
||||||
|
dependencies:
|
||||||
|
dom-serializer "0"
|
||||||
|
domelementtype "1"
|
||||||
|
|
||||||
ecc-jsbn@~0.1.1:
|
ecc-jsbn@~0.1.1:
|
||||||
version "0.1.1"
|
version "0.1.1"
|
||||||
resolved "https://registry.yarnpkg.com/ecc-jsbn/-/ecc-jsbn-0.1.1.tgz#0fc73a9ed5f0d53c38193398523ef7e543777505"
|
resolved "https://registry.yarnpkg.com/ecc-jsbn/-/ecc-jsbn-0.1.1.tgz#0fc73a9ed5f0d53c38193398523ef7e543777505"
|
||||||
|
@ -1138,6 +1166,10 @@ enhanced-resolve@^3.0.0:
|
||||||
object-assign "^4.0.1"
|
object-assign "^4.0.1"
|
||||||
tapable "^0.2.5"
|
tapable "^0.2.5"
|
||||||
|
|
||||||
|
entities@^1.1.1, entities@~1.1.1:
|
||||||
|
version "1.1.1"
|
||||||
|
resolved "https://registry.yarnpkg.com/entities/-/entities-1.1.1.tgz#6e5c2d0a5621b5dadaecef80b90edfb5cd7772f0"
|
||||||
|
|
||||||
errno@^0.1.3:
|
errno@^0.1.3:
|
||||||
version "0.1.4"
|
version "0.1.4"
|
||||||
resolved "https://registry.yarnpkg.com/errno/-/errno-0.1.4.tgz#b896e23a9e5e8ba33871fc996abd3635fc9a1c7d"
|
resolved "https://registry.yarnpkg.com/errno/-/errno-0.1.4.tgz#b896e23a9e5e8ba33871fc996abd3635fc9a1c7d"
|
||||||
|
@ -1745,6 +1777,17 @@ html-minifier@^3.0.1:
|
||||||
relateurl "0.2.x"
|
relateurl "0.2.x"
|
||||||
uglify-js "~2.8.22"
|
uglify-js "~2.8.22"
|
||||||
|
|
||||||
|
htmlparser2@^3.9.0:
|
||||||
|
version "3.9.2"
|
||||||
|
resolved "https://registry.yarnpkg.com/htmlparser2/-/htmlparser2-3.9.2.tgz#1bdf87acca0f3f9e53fa4fcceb0f4b4cbb00b338"
|
||||||
|
dependencies:
|
||||||
|
domelementtype "^1.3.0"
|
||||||
|
domhandler "^2.3.0"
|
||||||
|
domutils "^1.5.1"
|
||||||
|
entities "^1.1.1"
|
||||||
|
inherits "^2.0.1"
|
||||||
|
readable-stream "^2.0.2"
|
||||||
|
|
||||||
http-deceiver@^1.2.7:
|
http-deceiver@^1.2.7:
|
||||||
version "1.2.7"
|
version "1.2.7"
|
||||||
resolved "https://registry.yarnpkg.com/http-deceiver/-/http-deceiver-1.2.7.tgz#fa7168944ab9a519d337cb0bec7284dc3e723d87"
|
resolved "https://registry.yarnpkg.com/http-deceiver/-/http-deceiver-1.2.7.tgz#fa7168944ab9a519d337cb0bec7284dc3e723d87"
|
||||||
|
@ -3240,6 +3283,10 @@ regex-cache@^0.4.2:
|
||||||
is-equal-shallow "^0.1.3"
|
is-equal-shallow "^0.1.3"
|
||||||
is-primitive "^2.0.0"
|
is-primitive "^2.0.0"
|
||||||
|
|
||||||
|
regexp-quote@0.0.0:
|
||||||
|
version "0.0.0"
|
||||||
|
resolved "https://registry.yarnpkg.com/regexp-quote/-/regexp-quote-0.0.0.tgz#1e0f4650c862dcbfed54fd42b148e9bb1721fcf2"
|
||||||
|
|
||||||
regexpu-core@^1.0.0:
|
regexpu-core@^1.0.0:
|
||||||
version "1.0.0"
|
version "1.0.0"
|
||||||
resolved "https://registry.yarnpkg.com/regexpu-core/-/regexpu-core-1.0.0.tgz#86a763f58ee4d7c2f6b102e4764050de7ed90c6b"
|
resolved "https://registry.yarnpkg.com/regexpu-core/-/regexpu-core-1.0.0.tgz#86a763f58ee4d7c2f6b102e4764050de7ed90c6b"
|
||||||
|
@ -3343,6 +3390,14 @@ safe-buffer@^5.0.1:
|
||||||
version "5.0.1"
|
version "5.0.1"
|
||||||
resolved "https://registry.yarnpkg.com/safe-buffer/-/safe-buffer-5.0.1.tgz#d263ca54696cd8a306b5ca6551e92de57918fbe7"
|
resolved "https://registry.yarnpkg.com/safe-buffer/-/safe-buffer-5.0.1.tgz#d263ca54696cd8a306b5ca6551e92de57918fbe7"
|
||||||
|
|
||||||
|
sanitize-html@^1.14.1:
|
||||||
|
version "1.14.1"
|
||||||
|
resolved "https://registry.yarnpkg.com/sanitize-html/-/sanitize-html-1.14.1.tgz#730ffa2249bdf18333effe45b286173c9c5ad0b8"
|
||||||
|
dependencies:
|
||||||
|
htmlparser2 "^3.9.0"
|
||||||
|
regexp-quote "0.0.0"
|
||||||
|
xtend "^4.0.0"
|
||||||
|
|
||||||
sass-graph@^2.1.1:
|
sass-graph@^2.1.1:
|
||||||
version "2.1.2"
|
version "2.1.2"
|
||||||
resolved "https://registry.yarnpkg.com/sass-graph/-/sass-graph-2.1.2.tgz#965104be23e8103cb7e5f710df65935b317da57b"
|
resolved "https://registry.yarnpkg.com/sass-graph/-/sass-graph-2.1.2.tgz#965104be23e8103cb7e5f710df65935b317da57b"
|
||||||
|
|