Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

πŸ› fix: sanitize innerHTML with dompurify #176

Merged
merged 1 commit into from
Mar 29, 2024

Conversation

yangkeni
Copy link
Contributor

πŸ’» ε˜ζ›΄η±»εž‹ | Change Type

  • ✨ feat
  • πŸ› fix
  • ♻️ refactor
  • πŸ’„ style
  • πŸ”¨ chore
  • ⚑️ perf
  • πŸ“ docs

πŸ”€ ε˜ζ›΄θ―΄ζ˜Ž | Description of Change

  • add dompurify to sanitize dangerouslyInnerHTML

πŸ“ θ‘₯充俑息 | Additional Information

with code below in highlight:

<img src="" onerror="alert()">
<a href="javascript:alert()">hey</a>
  • previous
    get xss
    image

  • after
    normally displayed
    image

@ONLY-yours
Copy link
Collaborator

nice change

@ONLY-yours ONLY-yours merged commit 96010e1 into ant-design:main Mar 29, 2024
3 of 4 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants