Skip to content

Commit

Permalink
🐛 fix: sanitize innerHTML with dompurify (#176)
Browse files Browse the repository at this point in the history
Co-authored-by: keni.yyb <[email protected]>
  • Loading branch information
yangkeni and yangkeni authored Mar 29, 2024
1 parent 6e7be90 commit 96010e1
Show file tree
Hide file tree
Showing 2 changed files with 5 additions and 2 deletions.
1 change: 1 addition & 0 deletions package.json
Original file line number Diff line number Diff line change
Expand Up @@ -72,6 +72,7 @@
"color": "^4.2.3",
"copy-to-clipboard": "^3.3.3",
"diff": "^5.1.0",
"dompurify": "^3.0.11",
"fast-deep-equal": "^3.1.3",
"immer": "^9.0.21",
"lodash.flatten": "^4.4.0",
Expand Down
6 changes: 4 additions & 2 deletions src/Highlight/hooks/useShiki.tsx
Original file line number Diff line number Diff line change
@@ -1,3 +1,4 @@
import * as DOMPurify from 'dompurify';
import { useEffect, useState } from 'react';
import { getHighlighter, type Highlighter } from 'shiki/bundle/web';
import { themeConfig } from '../theme';
Expand Down Expand Up @@ -42,9 +43,10 @@ export const useShiki = (language, theme) => {
lang: language,
theme,
});
return result;
return DOMPurify.sanitize(result);
} else {
return `<pre><code>${content}</code></pre>`;
// 在shiki加载完成之前,直接返回原始代码,同样需要进行xss过滤
return DOMPurify.sanitize(`<pre><code>${content}</code></pre>`);
}
};

Expand Down

0 comments on commit 96010e1

Please sign in to comment.