🚑 Corrige un problème de sécurité de l'éditeur

Faille XSS potentielle corrigée grâce à la doc
12 months ago · 2c56eb91af
parent 364af3ea61
commit 2c56eb91af
4 changed files with 3530 additions and 2151 deletions
--- a/package-lock.json
+++ b/package-lock.json
--- a/package.json
+++ b/package.json
@ -44,6 +44,7 @@
        "react-crypt-gsm": "^1.0.4",
        "react-query": "^3.34.12",
        "react-router-dom": "^5.3.0",
+        "rehype-sanitize": "^5.0.1",
        "storage-encryption": "^1.0.16"
    }
 }
--- a/public/js/app.js
+++ b/public/js/app.js
--- a/resources/js/components/pages/Form.tsx
+++ b/resources/js/components/pages/Form.tsx
@ -2,6 +2,7 @@ import * as React from 'react';
 import {EncryptStorage} from 'storage-encryption';
 import {Button, Stack, TextField} from "@mui/material";
 import MDEditor from '@uiw/react-md-editor';
+import rehypeSanitize from "rehype-sanitize";
 let encryptStorage = new EncryptStorage('test'); // TODO la clef doit venir de l'utilisateur

 export default function PageForm({setListPages, csrf, url, passphrase}) {
@ -77,6 +78,9 @@ export default function PageForm({setListPages, csrf, url, passphrase}) {
                <MDEditor
                    value={content}
                    onChange={updateContent}
+                    previewOptions={{
+                        rehypePlugins: [[rehypeSanitize]],
+                    }}
                  />
                <Button variant="contained" type={"submit"}>
                    Enregistrer