🚑 Corrige un problème de sécurité de l'éditeur
Faille XSS potentielle corrigée grâce à la doc
This commit is contained in:
parent
364af3ea61
commit
2c56eb91af
855
package-lock.json
generated
855
package-lock.json
generated
File diff suppressed because it is too large
Load Diff
@ -44,6 +44,7 @@
|
|||||||
"react-crypt-gsm": "^1.0.4",
|
"react-crypt-gsm": "^1.0.4",
|
||||||
"react-query": "^3.34.12",
|
"react-query": "^3.34.12",
|
||||||
"react-router-dom": "^5.3.0",
|
"react-router-dom": "^5.3.0",
|
||||||
|
"rehype-sanitize": "^5.0.1",
|
||||||
"storage-encryption": "^1.0.16"
|
"storage-encryption": "^1.0.16"
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
4853
public/js/app.js
vendored
4853
public/js/app.js
vendored
File diff suppressed because one or more lines are too long
@ -2,6 +2,7 @@ import * as React from 'react';
|
|||||||
import {EncryptStorage} from 'storage-encryption';
|
import {EncryptStorage} from 'storage-encryption';
|
||||||
import {Button, Stack, TextField} from "@mui/material";
|
import {Button, Stack, TextField} from "@mui/material";
|
||||||
import MDEditor from '@uiw/react-md-editor';
|
import MDEditor from '@uiw/react-md-editor';
|
||||||
|
import rehypeSanitize from "rehype-sanitize";
|
||||||
let encryptStorage = new EncryptStorage('test'); // TODO la clef doit venir de l'utilisateur
|
let encryptStorage = new EncryptStorage('test'); // TODO la clef doit venir de l'utilisateur
|
||||||
|
|
||||||
export default function PageForm({setListPages, csrf, url, passphrase}) {
|
export default function PageForm({setListPages, csrf, url, passphrase}) {
|
||||||
@ -77,6 +78,9 @@ export default function PageForm({setListPages, csrf, url, passphrase}) {
|
|||||||
<MDEditor
|
<MDEditor
|
||||||
value={content}
|
value={content}
|
||||||
onChange={updateContent}
|
onChange={updateContent}
|
||||||
|
previewOptions={{
|
||||||
|
rehypePlugins: [[rehypeSanitize]],
|
||||||
|
}}
|
||||||
/>
|
/>
|
||||||
<Button variant="contained" type={"submit"}>
|
<Button variant="contained" type={"submit"}>
|
||||||
Enregistrer
|
Enregistrer
|
||||||
|
Loading…
Reference in New Issue
Block a user