Commit

fix: resolve xss vulnerability (#549)
close #548
yanglbme authored Mar 3, 2025
1 parent 757697b commit 28ede70
Showing 3 changed files with 7 additions and 3 deletions.
7 changes: 4 additions & 3 deletions package-lock.json


1 change: 1 addition & 0 deletions package.json
Expand Up @@ -35,6 +35,7 @@
"cos-js-sdk-v5": "^1.8.7",
"crypto-js": "^4.2.0",
"csstype": "^3.1.3",
"dompurify": "^3.2.4",
"es-toolkit": "^1.27.0",
"form-data": "4.0.1",
"front-matter": "^4.0.2",
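Review bot: the new `"dompurify": "^3.2.4"` entry makes this package the XSS control for rendered output, but the package-lock.json change (4 additions, 3 deletions) is not rendered on this page, so the resolved version and integrity hash need to be checked in the lock file itself before merge. Since the caret range accepts any later 3.x release, it is also worth confirming that installs in CI use the lock file rather than re-resolving the range.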
2 changes: 2 additions & 0 deletions src/stores/index.ts
Expand Up @@ -7,6 +7,7 @@ import { addPrefix, css2json, customCssWithTemplate, customizeTheme, downloadMD,
import { initRenderer } from '@/utils/renderer'
import CodeMirror from 'codemirror'
import { marked } from 'marked'
import DOMPurify from 'dompurify'

export const useStore = defineStore(`store`, () => {
// 是否开启深色模式
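Review bot: the added `import DOMPurify from 'dompurify'` sits after the `marked` import, while the neighbouring third-party imports in this hunk are listed alphabetically by module name (`codemirror`, then `marked`). Placing it between those two keeps the order consistent, which matters if the project's lint rules sort imports.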
Expand Down Expand Up @@ -191,6 +192,7 @@ export const useStore = defineStore(`store`, () => {
const { markdownContent, readingTime: readingTimeResult } = renderer.parseFrontMatterAndContent(editor.value!.getValue())
readingTime.value = readingTimeResult
let outputTemp = marked.parse(markdownContent) as string
outputTemp = DOMPurify.sanitize(outputTemp)

// 阅读时间及字数统计
outputTemp = renderer.buildReadingTime(readingTimeResult) + outputTemp
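Review bot: `DOMPurify.sanitize(outputTemp)` runs directly after `marked.parse`, but the next statement prepends `renderer.buildReadingTime(readingTimeResult)` to the already sanitized string, so that fragment, and anything concatenated to `outputTemp` further down outside this hunk, reaches the output without passing through the sanitizer. Either confirm that `buildReadingTime` emits only numeric or fixed markup, or move the sanitize call to the point where the final string is fully assembled. The call also relies on the default DOMPurify configuration with no comment explaining that choice, and none of the 3 changed files is a test; a regression test for the case reported in #548 would keep this from silently regressing.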
