update: added html sanitizer for remote rendering #1128
Conversation
|
Ooops, let me fix lint errors. |
|
There's also another docsify/src/core/render/index.js Line 260 in b2e6123 It should probably re-use the same trick. |
|
cc @trusktr Update ? |
|
This pull request is being automatically deployed with Vercel (learn more). 🔍 Inspect: https://vercel.com/docsify-core/docsify-preview/3unan0xu1 |
anikethsaha
force-pushed
the
fix-validating-remote-content
branch
from
45023a4
to
1e3dd13
Compare
|
This pull request is automatically built and testable in CodeSandbox. To see build info of the built libraries, click here or the icon next to each commit SHA. Latest deployment of this branch, based on commit 1d46637:
|
anikethsaha
requested review from
trusktr,
QingWei-Li,
jhildenbiddle,
Koooooo-7 and
sy-records
There was a problem hiding this comment.
Needs tests. I'm adding some in my branch, currently in the tmp-update-server branch. I will make a better branch name before I'm make a PR to the main repo...
But for now, do you want to to merge this as is without tests? Or do you want to wait?
Personally I think we can get it merged, but not release yet.
|
I will try to write tests for this. after that I guess we can merge it. |
* develop: docs: removed codefund docs and plugin (#1262) docs: remove bundle size from the home page and documentation (#1257) fix: search can not search the table header (#1256) fix: after setting the background image, the button is obscured (#1234) Fix: fixed onlycover flag in mobile (#1243) fix: Updated docs with instructions for installing specific version (fixes #780) (#1225) fix: Add error handling for missing dependencies (fixes #1210) (#1232) [documdocs: deploy docsify in docker. (#1241) docs: Add embed gist instructions to Embed Files (fixes #932 ) (#1238) chore: add changelog 4.11.4 [build] 4.11.4 feat: added html sanitizer for remote rendering (#1128)
Summary
Added
DOMPurifierfor validating content coming from remote url#1126
What kind of change does this PR introduce? (check at least one)
If changing the UI of default theme, please provide the before/after screenshot:
Does this PR introduce a breaking change? (check one)
If yes, please describe the impact and migration path for existing applications:
The PR fulfills these requirements:
When resolving a specific issue, it's referenced in the PR's title (e.g.
fix #xxx[,#xxx], where "xxx" is the issue number)You have tested in the following browsers: (Providing a detailed version will be better.)
Chrome
Firefox
Safari
Edge
IE