mirror of
https://github.com/ueberdosis/tiptap.git
synced 2024-12-15 02:59:01 +08:00
Merge pull request #747 from jnguyen32/xss-bug-fix-issue-724
XSS bug fix issue #724: XSS issue when importing through getHTML() function
commit
aac9e7d674
1
.gitignore
vendored
1
.gitignore
vendored
@ -1,3 +1,4 @@
|
||||
.history
|
||||
.DS_Store
|
||||
node_modules
|
||||
dist/
|
||||
|
20570
package-lock.json
generated
Normal file
20570
package-lock.json
generated
Normal file
File diff suppressed because it is too large
@ -272,9 +272,9 @@ export default class Editor extends Emitter {
|
||||
}
|
||||
|
||||
if (typeof content === 'string') {
|
||||
const element = document.createElement('div')
|
||||
element.innerHTML = content.trim()
|
||||
|
||||
const htmlString = `<div>${content}</div>`;
|
||||
const parser = new window.DOMParser;
|
||||
const element = parser.parseFromString(htmlString, "text/html").body;
|
||||
return DOMParser.fromSchema(this.schema).parse(element, parseOptions)
|
||||
}
|
||||
|
||||
|
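Review bot: The new `htmlString` line interpolates `content` without the `.trim()` that the removed `innerHTML` line applied, so leading and trailing whitespace now reaches the ProseMirror parser; unless that is intended, interpolate `${content.trim()}` instead. The parse root also changes from the wrapper div to `body`, so the schema parser sees one extra `<div>` level, which is probably harmless but worth a test with block-level content. The fix depends on `window.DOMParser` building an inert document, where inline event handlers in the markup do not run as they can with `innerHTML` on an element of the live document, so I would record that with a comment such as `// parse in an inert document so markup in content cannot execute; window.DOMParser is the browser parser, DOMParser below is ProseMirror's`. The three added lines use semicolons and double quotes while the surrounding lines use neither, and `new window.DOMParser` would read better as `new window.DOMParser()`. The enclosing method starts and ends outside the hunk.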