-rw-r--r--package-lock.json17
-rw-r--r--package.json2
-rw-r--r--src/client/views/collections/collectionSchema/SchemaCellField.tsx3
3 files changed, 21 insertions, 1 deletions
diff --git a/package-lock.json b/package-lock.json
index a47585c74..0bf5df2d5 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -94,6 +94,7 @@
"D": "^1.0.0",
"d3": "^7.8.5",
"depcheck": "^1.4.7",
+ "dompurify": "^3.1.7",
"dotenv": "^16.4.5",
"eslint-webpack-plugin": "^4.1.0",
"exif": "^0.6.0",
@@ -265,6 +266,7 @@
"@types/cookie-session": "^2.0.48",
"@types/d3": "^7.4.3",
"@types/dom-mediacapture-record": "^1.0.19",
+ "@types/dompurify": "^3.0.5",
"@types/exif": "^0.6.5",
"@types/express": "^5.0.0",
"@types/express-session": "^1.17.10",
@@ -9253,6 +9255,15 @@
"resolved": "https://registry.npmjs.org/@types/dom-speech-recognition/-/dom-speech-recognition-0.0.4.tgz",
"integrity": "sha512-zf2GwV/G6TdaLwpLDcGTIkHnXf8JEf/viMux+khqKQKDa8/8BAUtXXZS563GnvJ4Fg0PBLGAaFf2GekEVSZ6GQ=="
},
+ "node_modules/@types/dompurify": {
+ "version": "3.0.5",
+ "resolved": "https://registry.npmjs.org/@types/dompurify/-/dompurify-3.0.5.tgz",
+ "integrity": "sha512-1Wg0g3BtQF7sSb27fJQAKck1HECM6zV1EB66j8JH9i3LCjYabJa0FSdiSgsD5K/RbrsR0SiraKacLB+T8ZVYAg==",
+ "dev": true,
+ "dependencies": {
+ "@types/trusted-types": "*"
+ }
+ },
"node_modules/@types/eslint": {
"version": "8.56.12",
"resolved": "https://registry.npmjs.org/@types/eslint/-/eslint-8.56.12.tgz",
@@ -9925,6 +9936,12 @@
"integrity": "sha512-/Ad8+nIOV7Rl++6f1BdKxFSMgmoqEoYbHRpPcx3JEfv8VRsQe9Z4mCXeJBzxs7mbHY/XOZZuXlRNfhpVPbs6ZA==",
"dev": true
},
+ "node_modules/@types/trusted-types": {
+ "version": "2.0.7",
+ "resolved": "https://registry.npmjs.org/@types/trusted-types/-/trusted-types-2.0.7.tgz",
+ "integrity": "sha512-ScaPdn1dQczgbl0QFTeTOmVHFULt394XJgOQNoyVhZ6r2vLnMLJfBPd53SB52T/3G36VI1/g2MZaX0cwDuXsfw==",
+ "dev": true
+ },
"node_modules/@types/unist": {
"version": "3.0.3",
"resolved": "https://registry.npmjs.org/@types/unist/-/unist-3.0.3.tgz",
diff --git a/package.json b/package.json
index a1def81de..f0fa676a6 100644
--- a/package.json
+++ b/package.json
@@ -37,6 +37,7 @@
"@types/cookie-session": "^2.0.48",
"@types/d3": "^7.4.3",
"@types/dom-mediacapture-record": "^1.0.19",
+ "@types/dompurify": "^3.0.5",
"@types/exif": "^0.6.5",
"@types/express": "^5.0.0",
"@types/express-session": "^1.17.10",
@@ -173,6 +174,7 @@
"D": "^1.0.0",
"d3": "^7.8.5",
"depcheck": "^1.4.7",
+ "dompurify": "^3.1.7",
"dotenv": "^16.4.5",
"eslint-webpack-plugin": "^4.1.0",
"exif": "^0.6.0",
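Review bot: The `^3.1.7` range added here for `dompurify` is not matched by a new `node_modules/dompurify` entry in this commit's package-lock.json — its 17 added lines are the two root-manifest references plus the `@types/dompurify` and `@types/trusted-types` packages — so the version and integrity hash that will actually be installed come from an entry that already existed in the lockfile, presumably as a transitive dependency, and are not reviewed by this change. Since the sanitizer's bypass history is version-specific, confirm with `npm ls dompurify` that the locked resolution satisfies the new range and that `npm ci` succeeds against this lockfile rather than silently re-resolving. If the existing entry is older than 3.1.7, regenerate the lockfile in this commit so the pinned version is part of the reviewed change.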
diff --git a/src/client/views/collections/collectionSchema/SchemaCellField.tsx b/src/client/views/collections/collectionSchema/SchemaCellField.tsx
index e26dd9646..84e7b62bf 100644
--- a/src/client/views/collections/collectionSchema/SchemaCellField.tsx
+++ b/src/client/views/collections/collectionSchema/SchemaCellField.tsx
@@ -8,6 +8,7 @@ import { FieldView, FieldViewProps } from '../../nodes/FieldView';
import { ObjectField } from '../../../../fields/ObjectField';
import { Doc } from '../../../../fields/Doc';
import { DocumentView } from '../../nodes/DocumentView';
+import DOMPurify from 'dompurify';
/**
* The SchemaCellField renders text in schema cells while the user is editing, and updates the
@@ -168,7 +169,7 @@ export class SchemaCellField extends ObservableReactComponent<SchemaCellFieldPro
@action
setContent = (content: string, restoreCursorPos?: boolean) => {
const pos = this.cursorPosition;
- this._displayedContent = this.makeSpans(content);
+ this._displayedContent = DOMPurify.sanitize(this.makeSpans(content));
restoreCursorPos && setTimeout(() => this.setCursorPosition(pos));
};