🚑 Corrige un problème de sécurité de l'éditeur

Faille XSS potentielle corrigée grâce à la doc
ui/12/user_settings
Clement Desmidt 6 months ago
parent 364af3ea61
commit 2c56eb91af
  1. 855
      package-lock.json
  2. 1
      package.json
  3. 4821
      public/js/app.js
  4. 4
      resources/js/components/pages/Form.tsx

855
package-lock.json generated

File diff suppressed because it is too large Load Diff

@ -44,6 +44,7 @@
"react-crypt-gsm": "^1.0.4",
"react-query": "^3.34.12",
"react-router-dom": "^5.3.0",
"rehype-sanitize": "^5.0.1",
"storage-encryption": "^1.0.16"
}
}

4821
public/js/app.js vendored

File diff suppressed because one or more lines are too long

@ -2,6 +2,7 @@ import * as React from 'react';
import {EncryptStorage} from 'storage-encryption';
import {Button, Stack, TextField} from "@mui/material";
import MDEditor from '@uiw/react-md-editor';
import rehypeSanitize from "rehype-sanitize";
let encryptStorage = new EncryptStorage('test'); // TODO la clef doit venir de l'utilisateur
export default function PageForm({setListPages, csrf, url, passphrase}) {
@ -77,6 +78,9 @@ export default function PageForm({setListPages, csrf, url, passphrase}) {
<MDEditor
value={content}
onChange={updateContent}
previewOptions={{
rehypePlugins: [[rehypeSanitize]],
}}
/>
<Button variant="contained" type={"submit"}>
Enregistrer

Loading…
Cancel
Save