Skip to content

feat: bundle dompurify to sanitize malicious HTML#22

Open
snoopysecurity wants to merge 1 commit intoncornette:masterfrom
snoopysecurity:feat/santize-html-to-prevent-xss
Open

feat: bundle dompurify to sanitize malicious HTML#22
snoopysecurity wants to merge 1 commit intoncornette:masterfrom
snoopysecurity:feat/santize-html-to-prevent-xss

Conversation

@snoopysecurity
Copy link

@snoopysecurity snoopysecurity commented Feb 29, 2020

Currently the markdown-editor is vulnerable to XSS. This PR introduces DOMPurify (https://github.com/cure53/DOMPurify) which cleans potential malicious JavaScript.

@codecov
Copy link

codecov bot commented Feb 29, 2020
edited
Loading

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 21.46%. Comparing base (5ba38e1) to head (a728b78).
Report is 6 commits behind head on master.

Additional details and impacted files 
@@           Coverage Diff           @@
##           master      #22   +/-   ##
=======================================
  Coverage   21.46%   21.46%           
=======================================
  Files           3        3           
  Lines         219      219           
=======================================
  Hits           47       47           
  Misses        172      172

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@snoopysecurity