🚑 Corrige un problème de sécurité de l'éditeur

Faille XSS potentielle corrigée grâce à la doc
Clement Desmidt 2022-04-14 11:35:50 +02:00
parent 364af3ea61
commit 2c56eb91af
4 changed files with 3546 additions and 2167 deletions

855
package-lock.json generated

File diff suppressed because it is too large Load Diff


@ -44,6 +44,7 @@
"react-crypt-gsm": "^1.0.4", "react-crypt-gsm": "^1.0.4",
"react-query": "^3.34.12", "react-query": "^3.34.12",
"react-router-dom": "^5.3.0", "react-router-dom": "^5.3.0",
"rehype-sanitize": "^5.0.1",
"storage-encryption": "^1.0.16" "storage-encryption": "^1.0.16"
} }
} }

4853
public/js/app.js vendored

File diff suppressed because one or more lines are too long


@ -2,6 +2,7 @@ import * as React from 'react';
import {EncryptStorage} from 'storage-encryption'; import {EncryptStorage} from 'storage-encryption';
import {Button, Stack, TextField} from "@mui/material"; import {Button, Stack, TextField} from "@mui/material";
import MDEditor from '@uiw/react-md-editor'; import MDEditor from '@uiw/react-md-editor';
import rehypeSanitize from "rehype-sanitize";
let encryptStorage = new EncryptStorage('test'); // TODO la clef doit venir de l'utilisateur let encryptStorage = new EncryptStorage('test'); // TODO la clef doit venir de l'utilisateur
export default function PageForm({setListPages, csrf, url, passphrase}) { export default function PageForm({setListPages, csrf, url, passphrase}) {
@ -77,6 +78,9 @@ export default function PageForm({setListPages, csrf, url, passphrase}) {
<MDEditor <MDEditor
value={content} value={content}
onChange={updateContent} onChange={updateContent}
previewOptions={{
rehypePlugins: [[rehypeSanitize]],
}}
/> />
<Button variant="contained" type={"submit"}> <Button variant="contained" type={"submit"}>
Enregistrer Enregistrer
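Review bot: The sanitizer is attached only to the editor's live preview, through `previewOptions` on `<MDEditor>` in the second hunk, so any other place that renders the saved page content would still output unsanitized HTML. This page shows only the form component, so whether such a viewer exists needs to be checked; if the content is displayed with `MDEditor.Markdown`, it should receive `rehypePlugins={[[rehypeSanitize]]}` as well. A one-line comment above `previewOptions`, for example `// sanitize preview output: markdown may embed raw HTML`, would make it clear the plugin is a security control and not an optional rendering tweak. The body of `PageForm` starts and ends outside both hunks, so how `content` is loaded and submitted is not visible here.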