mirror of
https://github.com/ueberdosis/tiptap.git
synced 2024-12-15 02:59:01 +08:00
Merge pull request #747 from jnguyen32/xss-bug-fix-issue-724
XSS bug fix issue #724: XSS issue when importing through getHTML() function
commit
aac9e7d674
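--- a/.gitignore
+++ b/.gitignore
@@ -1,3 +1,4 @@
+.history
 .DS_Store
 node_modules
 dist/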
20570
package-lock.json
generated
Normal file
20570
package-lock.json
generated
Normal file
File diff suppressed because it is too large
@ -272,9 +272,9 @@ export default class Editor extends Emitter {
|
|||||||
}
|
}
|
||||||
|
|
||||||
if (typeof content === 'string') {
|
if (typeof content === 'string') {
|
||||||
const element = document.createElement('div')
|
const htmlString = `<div>${content}</div>`;
|
||||||
element.innerHTML = content.trim()
|
const parser = new window.DOMParser;
|
||||||
|
const element = parser.parseFromString(htmlString, "text/html").body;
|
||||||
return DOMParser.fromSchema(this.schema).parse(element, parseOptions)
|
return DOMParser.fromSchema(this.schema).parse(element, parseOptions)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
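Review bot: The new `htmlString` line drops the `content.trim()` that the old `innerHTML` assignment applied, so leading and trailing whitespace in the input now reaches the ProseMirror parser and may change the parsed document if `parseOptions` preserves whitespace; interpolating `content.trim()` instead of `content` keeps the earlier behaviour. The code also does not say why this closes the XSS: a document built by `parseFromString` is inert, so inline handlers such as `onerror` in the input do not run during parsing, whereas `innerHTML` on an element created from the live `document` can trigger them. A comment above `new window.DOMParser` along the lines of `// parse in an inert document so markup in content cannot execute; window.DOMParser is the browser parser, not the ProseMirror DOMParser used below` would keep a later cleanup from reverting to `innerHTML`. The added lines also use semicolons, double quotes and a constructor call without parentheses, unlike the visible context lines. The enclosing method starts and ends outside the hunk, and no regression test for the issue #724 input is visible in this commit.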