Merge pull request #1494 from mermaid-js/sidv/sanitizeError
feat: Sanitize error message
sidharthv96 authored Jul 25, 2024
2 parents eb62ba0 + 996a20d commit 28ef0e0
Showing 4 changed files with 44 additions and 1 deletion.
2 changes: 2 additions & 0 deletions package.json
Expand Up @@ -28,6 +28,7 @@
"@sveltejs/kit": "2.5.18",
"@sveltejs/vite-plugin-svelte": "^3.0.1",
"@testing-library/svelte": "4.2.3",
"@types/dompurify": "^3.0.5",
"@types/lodash-es": "^4.17.12",
"@types/pako": "2.0.3",
"@types/uuid": "9.0.8",
Expand Down Expand Up @@ -73,6 +74,7 @@
"@mermaid-js/mermaid-zenuml": "^0.2.0",
"daisyui": "2.52.0",
"dayjs": "^1.11.7",
"dompurify": "^3.1.6",
"js-base64": "3.7.7",
"lodash-es": "^4.17.21",
"mermaid": "10.9.1",
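Review bot: The new `"dompurify": "^3.1.6"` entry is a caret range while several neighbouring entries in the same hunk are exact pins (`"daisyui": "2.52.0"`, `"js-base64": "3.7.7"`, `"mermaid": "10.9.1"`), and this is the package the commit now relies on to make `{@html}` output safe, so it is the one where an unreviewed minor upgrade matters most. Pinning it as `"dompurify": "3.1.6"` (and `"@types/dompurify": "3.0.5"` in the first hunk, matching the exact `@types/pako` and `@types/uuid` pins beside it) keeps upgrades of the sanitizer deliberate. The yarn.lock section already resolves it to 3.1.6, so this concerns future installs rather than the current build; the file's own convention looks mixed, so this is a consistency suggestion rather than a defect.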
3 changes: 2 additions & 1 deletion src/lib/components/Editor.svelte
Expand Up @@ -10,6 +10,7 @@
<script lang="ts">
import type { EditorMode } from '$lib/types';
import { initEditor } from '$lib/util/monacoExtra';
import { sanitizeText } from '$lib/util/sanitize';
import { stateStore, updateCode, updateConfig } from '$lib/util/state';
import { logEvent } from '$lib/util/stats';
import { themeStore } from '$lib/util/theme';
Expand Down Expand Up @@ -141,7 +142,7 @@
</div>
<div class="max-h-32 overflow-auto bg-red-600 p-2 font-mono">
<!-- eslint-disable-next-line svelte/no-at-html-tags -->
{@html $stateStore.error?.toString().replaceAll('\n', '<br />')}
{@html sanitizeText($stateStore.error?.toString().replaceAll('\n', '<br />'))}
</div>
</div>
{/if}
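Review bot: The `{@html}` line in the second hunk still carries a bare `svelte/no-at-html-tags` disable with no stated reason, so a later reader cannot see that the call to sanitizeText is what makes the raw HTML acceptable; `<!-- eslint-disable-next-line svelte/no-at-html-tags -- error text is passed through DOMPurify in sanitizeText -->` would record that dependency next to the code. An option that removes the `{@html}` entirely is to render the error as plain text and let CSS produce the line breaks, e.g. `<div class="max-h-32 overflow-auto bg-red-600 p-2 font-mono whitespace-pre-wrap">{$stateStore.error?.toString()}</div>`, assuming the utility-class set in use provides `whitespace-pre-wrap`. If the `{@html}` form is kept, the `replaceAll('\n', '<br />')` has to stay before the sanitizeText call, since `br` is on its allowlist and the substitution is what the sanitizer is expected to preserve. The enclosing `{#if}` block starts outside the hunk.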
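--- a/src/lib/util/sanitize.ts
+++ b/src/lib/util/sanitize.ts
@@ -0,0 +1,23 @@
+import DOMPurify from 'dompurify';
+
+export const sanitizeText = (text?: string): string => {
+return DOMPurify.sanitize(text ?? '', {
+ALLOWED_TAGS: [
+'b',
+'i',
+'u',
+'a',
+'p',
+'s',
+'br',
+'span',
+'strong',
+'em',
+'code',
+'pre',
+'ul',
+'ol',
+'li'
+]
+});
+};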
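Review bot: The ALLOWED_TAGS list on sanitizeText is much wider than its only caller on this page needs: Editor.svelte feeds it an error string whose only intended markup is the `<br />` it inserts, yet the list also admits `a`, `span`, `pre` and others, so tag-like text inside a diagram error message is rendered as markup in the error panel instead of being dropped. Unless richer error markup is intended, `ALLOWED_TAGS: ['br'], ALLOWED_ATTR: []` matches the actual contract; the `a` entry is the one to reconsider first, because with DOMPurify's default attribute allowlist (inferred from the library, not visible here) it keeps `href` alive on error output. Either way the export has no TSDoc; a block stating that the input is untrusted error text, that the output is intended for `{@html}`, and why each allowed tag is present would make the allowlist reviewable, and the implementation body should be indented under the arrow function rather than at column 0 as shown.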
17 changes: 17 additions & 0 deletions yarn.lock
Expand Up @@ -678,6 +678,13 @@
dependencies:
"@types/ms" "*"

"@types/dompurify@^3.0.5":
version "3.0.5"
resolved "https://registry.yarnpkg.com/@types/dompurify/-/dompurify-3.0.5.tgz#02069a2fcb89a163bacf1a788f73cb415dd75cb7"
integrity sha512-1Wg0g3BtQF7sSb27fJQAKck1HECM6zV1EB66j8JH9i3LCjYabJa0FSdiSgsD5K/RbrsR0SiraKacLB+T8ZVYAg==
dependencies:
"@types/trusted-types" "*"

"@types/estree@*", "@types/[email protected]", "@types/estree@^1.0.0", "@types/estree@^1.0.1":
version "1.0.5"
resolved "https://registry.yarnpkg.com/@types/estree/-/estree-1.0.5.tgz#a6ce3e556e00fd9895dd872dd172ad0d4bd687f4"
Expand Down Expand Up @@ -766,6 +773,11 @@
resolved "https://registry.yarnpkg.com/@types/sizzle/-/sizzle-2.3.3.tgz#ff5e2f1902969d305225a047c8a0fd5c915cebef"
integrity sha512-JYM8x9EGF163bEyhdJBpR2QX1R5naCJHC8ucJylJ3w9/CVBaskdQ8WqBf8MmQrd1kRvp/a4TS8HJ+bxzR7ZJYQ==

"@types/trusted-types@*":
version "2.0.7"
resolved "https://registry.yarnpkg.com/@types/trusted-types/-/trusted-types-2.0.7.tgz#baccb07a970b91707df3a3e8ba6896c57ead2d11"
integrity sha512-ScaPdn1dQczgbl0QFTeTOmVHFULt394XJgOQNoyVhZ6r2vLnMLJfBPd53SB52T/3G36VI1/g2MZaX0cwDuXsfw==

"@types/unist@^2", "@types/unist@^2.0.0":
version "2.0.7"
resolved "https://registry.yarnpkg.com/@types/unist/-/unist-2.0.7.tgz#5b06ad6894b236a1d2bd6b2f07850ca5c59cf4d6"
Expand Down Expand Up @@ -2642,6 +2654,11 @@ dompurify@^3.1.5:
resolved "https://registry.yarnpkg.com/dompurify/-/dompurify-3.1.5.tgz#2c6a113fc728682a0f55684b1388c58ddb79dc38"
integrity sha512-lwG+n5h8QNpxtyrJW/gJWckL+1/DQiYMX8f7t8Z2AZTPw1esVrqjI63i7Zc2Gz0aKzLVMYC1V1PL/ky+aY/NgA==

dompurify@^3.1.6:
version "3.1.6"
resolved "https://registry.yarnpkg.com/dompurify/-/dompurify-3.1.6.tgz#43c714a94c6a7b8801850f82e756685300a027e2"
integrity sha512-cTOAhc36AalkjtBpfG6O8JimdTMWNXjiePT2xQH/ppBGi/4uIpmj8eKyIkMJErXWARyINV/sB38yf8JCLF5pbQ==

domutils@^3.0.1:
version "3.1.0"
resolved "https://registry.yarnpkg.com/domutils/-/domutils-3.1.0.tgz#c47f551278d3dc4b0b1ab8cbb42d751a6f0d824e"