CB-4743 adds html sanitizer #2420
Conversation
Tests are okay. I just changed the file name and the job here went crazy because it's left in

 * Licensed under the Apache License, Version 2.0.
 * you may not use this file except in compliance with the License.
 */
export function toSafeHtmlString(dirty: string): string {
Probably better to use a lib like dompurify to sanitize HTML.
This was my first solution. @Wroud suggested generating an HTML-safe string.
In this case we kill two rabbits:
- the code is not executable by the browser
- the user will see that something illegal happened in his JSON tab editor and start investigating what happened
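An escape-based sanitizer of the kind discussed in this thread, as an added example that is not the PR's own implementation; the entity table, the `containsRawMarkup` check and the sample JSON value are assumptions of this example.

```typescript
// Added example, not the PR's own code: escape every HTML-significant character
// so the string renders as visible text and the browser never parses it as
// markup (the "HTML-safe string" approach discussed in the review).
const HTML_ENTITIES: Record<string, string> = {
  '&': '&amp;',
  '<': '&lt;',
  '>': '&gt;',
  '"': '&quot;',
  "'": '&#39;',
  '/': '&#x2F;',
};

function toSafeHtmlString(dirty: string): string {
  // '&' is in the table, so calling this twice double-escapes ('&amp;amp;');
  // escape exactly once, at the point the value is placed into HTML.
  return dirty.replace(/[&<>"'\/]/g, (ch) => HTML_ENTITIES[ch] ?? ch);
}

// Defender-side check: the escaped result must hold no raw markup characters
// and no bare '&' other than the entities emitted above, which is what makes
// it safe inside a text node or a double-quoted attribute.
function containsRawMarkup(s: string): boolean {
  return /[<>"']/.test(s) || /&(?!(?:amp|lt|gt|quot|#39|#x2F);)/.test(s);
}

// Constructed sample: a JSON cell value carrying a script tag, as it might
// land in the JSON tab editor. After escaping it is displayed verbatim, so the
// user sees the suspicious content instead of the browser executing it.
const SAMPLE_DIRTY = '{"name": "<script>alert(1)</script>"}';
const SAMPLE_SAFE = toSafeHtmlString(SAMPLE_DIRTY);
// SAMPLE_SAFE === '{&quot;name&quot;: &quot;&lt;script&gt;alert(1)&lt;&#x2F;script&gt;&quot;}'
```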
* CB-4743 adds html sanitizer
* CB-4743 adds license to sanitizeHtml
* CB-4743 do not use sanitize to purify the json line data
* CB-4743 fix: toSafeHtmlString test correct cases

Co-authored-by: s.teleshev <[email protected]>
Co-authored-by: mr-anton-t <[email protected]>