}
// Strip out HTML comments. "JS-DOS" bug.
text = text.replace(/|$)/g, '(html comment removed: $1)')
let renderedText = html ? text : remarkable.render(text)
// Embed videos, link mentions and hashtags, etc...
if(renderedText) renderedText = HtmlReady(renderedText).html
// Complete removal of javascript and other dangerous tags..
// The must remain as close as possible to dangerouslySetInnerHTML
let cleanText = renderedText
if (this.props.allowDangerousHTML === true) {
console.log('WARN\tMarkdownViewer rendering unsanitized content')
} else {
cleanText = sanitize(renderedText, sanitizeConfig({large, highQualityPost, noImage: noImage && allowNoImage}))
}
if(/<\s*script/ig.test(cleanText)) {
// Not meant to be complete checking, just a secondary trap and red flag (code can change)
console.error('Refusing to render script tag in post text', cleanText)
return <div></div>
}
const noImageActive = cleanText.indexOf(noImageText) !== -1
// In addition to inserting the youtube compoennt, this allows react to compare separately preventing excessive re-rendering.
let idx = 0
const sections = []
// HtmlReady inserts ~~~ embed:${id} type ~~~
for(let section of cleanText.split('~~~ embed:')) {
// emoji unicode characters.
const emojiPlaceholderRegEx = new RegExp(':.+?:', 'g');
const matches = attrs.message.match(emojiPlaceholderRegEx, 'g');
if (matches) {
matches.forEach(match => {
const emoji = getEmojiByName(match);
if (emoji && emoji.char) {
attrs.message = attrs.message.replace(match, emoji.char);
}
});
}
// sanitize the message
attrs.message = sanitizeHtml(attrs.message);
// Generate a processed message with changes to the message that are specific to our UI.
attrs.processedMessage = processMessage(attrs.message);
} else {
// The processedMessage is automatically derived from the message and should not
// be set directly.
delete attrs.processedMessage;
}
return super.set(attrs, opts);
}
public static sanitize(html: string) {
return sanitizeHtml(html, {
// TODO: add all of these below.. to allowedAttributes.
allowedTags: [ 'h1', 'h2', 'h3', 'h4', 'h5', 'h6', 'blockquote',
'cite', 'p', 'a', 'ul', 'ol', 'nl', 'li', 'b', 'i',
'strong', 'em', 'strike', 'code', 'hr', 'br', 'div',
'table', 'thead', 'caption', 'tbody', 'tr', 'th',
'td', 'pre', 'iframe' ],
allowedAttributes: {
'pre': ["style"],
'ul': ["style"],
'ol': ["style"],
'li': ["style"],
'ni': ["style"],
'code': ["style"],
function clean(dirty) {
if (!dirty) {
return dirty
}
// Convert embeds to a-tags
dirty = embedToAnchor(dirty)
dirty = linkifyHtml(dirty)
dirty = sanitizeHtml(dirty, {
allowedTags: [
'iframe',
'img',
'p',
'h3',
'h4',
'br',
'hr',
'b',
'i',
'em',
'strong',
'a',
'pre',
'ul',
'li',
private renderAppealStatement = (): JSX.Element => {
if (!this.props.appealStatement) {
return <>;
}
let parsed = this.props.appealStatement;
if (typeof parsed !== "object") {
try {
parsed = JSON.parse(this.props.appealStatement);
} catch (ex) {
console.warn("unable to parse appeal statement, possibly already parsed. ex: ", ex, parsed);
}
}
const summary = parsed.summary;
const cleanDetails = sanitizeHtml(parsed.details, {
allowedSchemes: sanitizeHtml.defaults.allowedSchemes.concat(["bzz"]),
});
return (
An appeal to the Civil Council has been requested.
<p>Should the Civil Council overturn this challenge result?</p>
Appeal Statement
<b>Summary</b>
<div>{summary}</div>
<b>Additional Details</b>
<div>
</div>
const msg = {
filename,
progress,
jobId
}
socketSvc.broadcast (
'svf.progress', msg, data.socketId)
}
}
})
const modelInfo = {
lifetime: galleryConfig.lifetime,
name : sanitizeHtml(data.name),
env: 'AutodeskProduction',
timestamp: new Date(),
//owner: data.userId,
model : {
objectKey,
fileId,
urn
}
}
const modelSvc = ServiceManager.getService(
data.db + '-ModelSvc')
const res = await modelSvc.register(modelInfo)
const msg = {
/**
 * Turn bare URLs in `dirtyHtml` into anchors, then sanitize the result.
 *
 * Linkification runs first, so the anchors it emits pass through
 * `sanitizeHtml` and are subject to whatever `sanitizeHtmlParams`
 * allows (both helpers are defined elsewhere in this module).
 *
 * @param dirtyHtml Untrusted HTML/text, e.g. user-authored content.
 * @returns The linkified markup after sanitization.
 */
export function linkifyAndSanitizeHtml(dirtyHtml) {
  const withAnchors = linkifyString(dirtyHtml);
  return sanitizeHtml(withAnchors, sanitizeHtmlParams);
}
/**
 * Sanitize a message and convert any bare URLs it contains into anchors.
 *
 * The order matters: `sanitizeHtml` runs on the raw message first and
 * `Autolinker.link` on its output, so anchors generated by Autolinker are
 * not themselves filtered by `sanitizeHtml`'s default allowlist
 * (presumably deliberate, so the sanitizer does not strip them — confirm).
 *
 * @param message Untrusted message text; falsy input yields `''`.
 * @returns Sanitized, linkified markup.
 */
const formatMessageForLinks = (message: string): string =>
  message ? Autolinker.link(sanitizeHtml(message)) : '';
}
switch ( type ) {
case 'TextControl': {
return (
<div name="">
{ sanitizeHtml( fieldValue, plainText ) }
</div>
);
}
case 'TextareaControl': {
const {
auto_p: shouldAutoP,
} = fieldOptions;
const sanitizedText = sanitizeHtml( fieldValue, plainText );
return (
<div name="">
);
}
case 'RichText': {
return (
</div>