🚑 Corrige un problème de sécurité de l'éditeur

Faille XSS potentielle corrigée grâce à la doc
2022-04-14 11:35:50 +02:00
parent 364af3ea61
commit 2c56eb91af
4 changed files with 3546 additions and 2167 deletions
--- a/resources/js/components/pages/Form.tsx
+++ b/resources/js/components/pages/Form.tsx
@@ -2,6 +2,7 @@ import * as React from 'react';
 import {EncryptStorage} from 'storage-encryption';
 import {Button, Stack, TextField} from "@mui/material";
 import MDEditor from '@uiw/react-md-editor';
+import rehypeSanitize from "rehype-sanitize";
 let encryptStorage = new EncryptStorage('test'); // TODO la clef doit venir de l'utilisateur

 export default function PageForm({setListPages, csrf, url, passphrase}) {
@@ -77,6 +78,9 @@ export default function PageForm({setListPages, csrf, url, passphrase}) {
                <MDEditor
                    value={content}
                    onChange={updateContent}
+                    previewOptions={{
+                        rehypePlugins: [[rehypeSanitize]],
+                    }}
                  />
                <Button variant="contained" type={"submit"}>
                    Enregistrer