mirror/tiptap
1
0
Fork 0
mirror of https://github.com/ueberdosis/tiptap.git synced 2024-12-14 18:49:02 +08:00
Code Issues Actions Packages Projects Releases Wiki Activity

Merge pull request #747 from jnguyen32/xss-bug-fix-issue-724

Browse Source 
XSS bug fix issue #724: XSS issue when importing through getHTML() function
This commit is contained in:
Philipp Kühn 2020-07-08 08:57:14 +02:00 committed by GitHub
commit aac9e7d674
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 20574 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
.gitignore vendored
View File

@ -1,3 +1,4 @@
.history
.DS_Store
node_modules
dist/

20570
package-lock.json generated Normal file
View File

File diff suppressed because it is too large Load Diff

6
packages/tiptap/src/Editor.js
View File

@ -272,9 +272,9 @@ export default class Editor extends Emitter {
}
if (typeof content === 'string') {
const element = document.createElement('div')
element.innerHTML = content.trim()
const htmlString = `<div>${content}</div>`;
const parser = new window.DOMParser;
const element = parser.parseFromString(htmlString, "text/html").body;
return DOMParser.fromSchema(this.schema).parse(element, parseOptions)
}