KumiSystems/Chatwoot
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

fix: Handle unsanitized markup in DOM (#4110)

Browse source
This commit is contained in:
Fayaz Ahmed 2022-03-14 18:13:21 +05:30 committed by GitHub
parent e730804b48
commit dd1fe4f93a
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 18 additions and 3 deletions
Download patch file Download diff file Expand all files Collapse all files

7
app/javascript/shared/helpers/MessageFormatter.js
View file

@ -47,7 +47,12 @@ class MessageFormatter {
const markedDownOutput = marked(withHash);
return markedDownOutput;
}
return marked(this.message, { breaks: true, gfm: true });
DOMPurify.addHook('afterSanitizeAttributes', node => {
if ('target' in node) node.setAttribute('target', '_blank');
});
return DOMPurify.sanitize(
marked(this.message, { breaks: true, gfm: true })
);
}
get formattedMessage() {