update: added html sanitizer for remote rendering #1128

Merged

Conversation

anikethsaha
Member

Summary
Added DOMPurifier for validating content coming from remote url
#1126

What kind of change does this PR introduce? (check at least one)

  • Bugfix
  • Feature
  • Code style update
  • Refactor
  • Docs
  • Build-related changes
  • Other, please describe:

If changing the UI of default theme, please provide the before/after screenshot:

Does this PR introduce a breaking change? (check one)

  • Yes
  • No

If yes, please describe the impact and migration path for existing applications:

The PR fulfills these requirements:

  • When resolving a specific issue, it's referenced in the PR's title (e.g. fix #xxx[,#xxx], where "xxx" is the issue number)

You have tested in the following browsers: (Providing a detailed version will be better.)

  • Chrome

  • Firefox

  • Safari

  • Edge

  • IE

@anikethsaha
Member Author

cc @Sharifi-Amin

@anikethsaha anikethsaha requested review from QingWei-Li and a team April 21, 2020 10:16
QingWei-Li
QingWei-Li previously approved these changes Apr 22, 2020
Member

@trusktr trusktr left a comment


Hang on, I have an idea for isExternal.

src/core/render/index.js (outdated, resolved)
@trusktr
Member

trusktr commented Apr 26, 2020

Ooops, let me fix lint errors.

@trusktr
Member

trusktr commented Apr 26, 2020

There's also another isExternal check here:

const isExternal = /(?:http[s]?:)?\/\//.test(config.logo);

It should probably re-use the same trick.
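
The regex quoted in the comment above is unanchored, so it matches `//` anywhere in the string. The following is an added example (not docsify's code, and not necessarily the "trick" the comment refers to) that compares it with an origin comparison and shows a gate that sanitizes only remote content. `PAGE_URL`, `originIsExternal`, `renderFetched` and the sample paths are assumptions constructed for illustration.

```javascript
// Added example, not docsify code. PAGE_URL and the sample paths are constructed.
const PAGE_URL = 'https://docs.example.org/guide/#/README';

// The check quoted in the comment above: unanchored, so it fires on any "//".
const regexIsExternal = path => /(?:http[s]?:)?\/\//.test(path);

// Hypothetical alternative: resolve the path the way a browser would and
// compare origins. Unparseable input is treated as external (fail closed).
function originIsExternal(path, pageUrl = PAGE_URL) {
  try {
    return new URL(path, pageUrl).origin !== new URL(pageUrl).origin;
  } catch (e) {
    return true;
  }
}

// Hypothetical gate: remote content goes through `sanitize` (for example
// DOMPurify.sanitize in a browser); same-origin content is returned unchanged.
function renderFetched(html, sourcePath, sanitize, pageUrl = PAGE_URL) {
  return originIsExternal(sourcePath, pageUrl) ? sanitize(html) : html;
}

const samples = [
  'https://cdn.example.net/logo.png',  // absolute URL, other origin
  '//cdn.example.net/logo.png',        // protocol-relative, other origin
  'https://docs.example.org/logo.png', // absolute URL, same origin
  '_media/logo.png',                   // relative path
  '_media//logo.png',                  // relative path with a doubled slash
];

// Classify each sample with both checks so the disagreements are visible.
function compare(paths = samples) {
  return paths.map(p => ({
    path: p,
    regex: regexIsExternal(p),
    origin: originIsExternal(p),
  }));
}

console.table(compare());
```

The two checks disagree on the same-origin absolute URL and on the relative path with a doubled slash: the regex reports both as external, while the origin comparison reports them as local.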

Member

@trusktr trusktr left a comment


Fixed my lint errors: anikethsaha#2

@anikethsaha
Member Author

cc @trusktr Update?

@vercel

vercel bot commented May 21, 2020

This pull request is being automatically deployed with Vercel (learn more).
To see the status of your deployment, click below or on the icon next to each commit.

🔍 Inspect: https://vercel.com/docsify-core/docsify-preview/3unan0xu1
✅ Preview: https://docsify-previe-git-fork-anikethsaha-fix-validating-remot-df5960.docsify-core.vercel.app

src/core/render/index.js (outdated, resolved)
@codesandbox-ci

codesandbox-ci bot commented Jun 14, 2020

This pull request is automatically built and testable in CodeSandbox.

To see build info of the built libraries, click here or the icon next to each commit SHA.

Latest deployment of this branch, based on commit 1d46637:

Sandbox Source
priceless-night-80tqp Configuration

Member

@trusktr trusktr left a comment


Needs tests. I'm adding some in my branch, currently in the tmp-update-server branch. I will make a better branch name before I make a PR to the main repo...

But for now, do you want to merge this as is without tests? Or do you want to wait?

Personally I think we can get it merged, but not release yet.

@anikethsaha
Copy link
Member Author

anikethsaha commented Jun 17, 2020

I will try to write tests for this. After that I guess we can merge it.

@anikethsaha anikethsaha merged commit 714ef29 into docsifyjs:develop Jun 17, 2020
trusktr added a commit that referenced this pull request Jul 4, 2020
* develop:
  docs: removed codefund docs and plugin (#1262)
  docs: remove bundle size from the home page and documentation (#1257)
  fix: search can not search the table header (#1256)
  fix: after setting the background image, the button is obscured (#1234)
  Fix: fixed onlycover flag in mobile (#1243)
  fix: Updated docs with instructions for installing specific version (fixes #780) (#1225)
  fix: Add error handling for missing dependencies (fixes #1210) (#1232)
  [documdocs:  deploy docsify in docker. (#1241)
  docs: Add embed gist instructions to Embed Files (fixes #932 ) (#1238)
  chore: add changelog 4.11.4
  [build] 4.11.4
  feat: added html sanitizer for remote rendering (#1128)
@jhildenbiddle jhildenbiddle mentioned this pull request Feb 5, 2021
7 tasks
Labels
semver-patch This needs a patch release