Try to fix some security issues. Part 2.

Thanks to responsible security disclosure contributors and xet7!
Lauri Ojansivu 2023-02-20 16:48:02 -05:00
parent e34cfad06b
commit 382168a5b4
9 changed files with 2198 additions and 3712 deletions

@ -65,6 +65,7 @@ if (Package.ui) {
text = Blaze._toText(self.templateContentBlock, HTML.TEXTMODE.STRING);
}
// Using isomorphic-dompurify that is isometric so it works also serverside
return HTML.Raw(DOMPurify.sanitize(Markdown.render(text), {ALLOW_UNKNOWN_PROTOCOLS: true}));
}));
}
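
Review bot: `ALLOW_UNKNOWN_PROTOCOLS: true` in the `DOMPurify.sanitize(...)` call loosens URL scheme filtering for every link and image attribute produced by `Markdown.render(text)`, and DOMPurify's own documentation marks that option as an XSS risk. If specific non-standard schemes are needed in card text, list them explicitly through `ALLOWED_URI_REGEXP` rather than accepting every unknown scheme, and state in the comment which schemes are intended and why. The comment above the call also says "isometric" where "isomorphic" is meant.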