Sanitize Markdown inputs

2017-06-01 22:14:44 -07:00
parent 23b1a8aabd
commit af2b1e20f1
3 changed files with 7038 additions and 3 deletions
--- a/package-lock.json
+++ b/package-lock.json
--- a/package.json
+++ b/package.json
@@ -67,6 +67,7 @@
    "redux-immutable": "3.0.8",
    "redux-logger": "*",
    "reselect": "2.5.3",
+    "sanitize-html": "^1.14.1",
    "serialize-error": "2.0.0",
    "shallowequal": "0.2.2",
    "swagger-client": "~3.0.12",
--- a/src/core/components/providers/markdown.jsx
+++ b/src/core/components/providers/markdown.jsx
@@ -1,10 +1,11 @@
-import Remarkable from "react-remarkable"
 import React from "react"
-
+import Remarkable from "react-remarkable"
+import sanitize from "sanitize-html"

 export default function Markdown({ source }) {
+  const sanitized = sanitize(source)
  return <Remarkable
    options={{html: true, typographer: true, linkify: true, linkTarget: "_blank"}}
-    source={source}
+    source={sanitized}
    ></Remarkable>
 }