Sanitize HTML links and images, enhance proxy URL validation#7791
Open
martinjagodic wants to merge 7 commits into main from
Pull request overview
This PR hardens client-side HTML handling in rich text/markdown widgets and strengthens proxy URL validation to reduce exposure to unsafe URL schemes and protocols across previews, paste handling, and proxy configuration.
Changes:
- Default `sanitize_preview` to `true` for Richtext/Markdown previews and add tests for sanitizing dangerous link protocols.
- Sanitize pasted HTML in the Markdown control's HTML plugin and strip/drop unsafe link/image URLs during deserialization (with tests).
- Validate proxy/local backend URLs to only allow safe schemes, and add auth-related cleanup (nonce storage + PKCE verifier clearing) with tests.
Reviewed changes
Copilot reviewed 15 out of 15 changed files in this pull request and generated 3 comments.
| File | Description |
|---|---|
| packages/decap-server/src/middlewares/common/index.ts | Changes default CORS origin behavior to a localhost-only regex unless ORIGIN is set. |
| packages/decap-cms-widget-richtext/src/tests/renderer.spec.js | Adds coverage for sanitizing dangerous javascript: link URLs in preview. |
| packages/decap-cms-widget-richtext/src/RichtextPreview.js | Defaults preview sanitization on (sanitize_preview now defaults to true). |
| packages/decap-cms-widget-markdown/src/tests/renderer.spec.js | Adds coverage for sanitizing dangerous javascript: link URLs in preview. |
| packages/decap-cms-widget-markdown/src/MarkdownPreview.js | Defaults preview sanitization on (sanitize_preview now defaults to true). |
| packages/decap-cms-widget-markdown/src/MarkdownControl/plugins/html/withHtml.js | Sanitizes pasted HTML and filters unsafe link/image URLs during HTML-to-Slate deserialization. |
| packages/decap-cms-widget-markdown/src/MarkdownControl/plugins/html/tests/withHtml.spec.js | Tests unsafe link unwrap + unsafe image drop + safe image retention for paste handling. |
| packages/decap-cms-lib-auth/src/utils.js | Fixes nonce cleanup to remove from session storage (not local storage). |
| packages/decap-cms-lib-auth/src/pkce-oauth.js | Clears PKCE code verifier on additional error paths in completeAuth. |
| packages/decap-cms-lib-auth/src/tests/utils.spec.js | Tests nonce validation + session storage cleanup behavior. |
| packages/decap-cms-lib-auth/src/tests/pkce-oauth.spec.js | Tests PKCE verifier clearing on nonce/auth/OIDC error cases. |
| packages/decap-cms-core/src/actions/config.ts | Adds URL parsing/scheme checks before probing local proxy server URL. |
| packages/decap-cms-core/src/actions/tests/config.spec.js | Adds tests for unsafe/invalid local_backend.url early return (no fetch). |
| packages/decap-cms-backend-proxy/src/implementation.ts | Adds proxy_url scheme validation in Proxy backend constructor. |
| packages/decap-cms-backend-proxy/src/tests/implementation.spec.ts | Adds tests for allowed/rejected proxy_url values. |
Implement HTML sanitization for links and images to prevent unsafe protocols.
Improve proxy URL validation to ensure only safe schemes are accepted, along with corresponding tests for these features.
Change default for sanitize_preview from false to true
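The review summary and the PR description above both describe the same defensive pattern: an allow-list of URL schemes applied to links and images during HTML deserialization (unsafe links are unwrapped, unsafe images dropped) and to `proxy_url` / `local_backend.url` before any fetch. The block below is an added illustration of that pattern, not code from the Decap CMS PR; the allow-lists, the `RELATIVE_BASE` placeholder, the Slate-like node shape and every function name are assumptions made for the example. It uses the WHATWG `URL` parser rather than a regex so that case and tab/newline tricks in the scheme are normalised before the allow-list is consulted.

```javascript
// Added example (not Decap CMS code): allow-list URL scheme checks of the kind the
// PR describes, plus unwrap/drop handling for pasted links and images.

// Assumed allow-lists; the PR does not spell out its exact scheme sets.
const SAFE_LINK_PROTOCOLS = new Set(['http:', 'https:', 'mailto:', 'tel:']);
const SAFE_IMAGE_PROTOCOLS = new Set(['http:', 'https:']);
const SAFE_PROXY_PROTOCOLS = new Set(['http:', 'https:']);

// Placeholder base so that relative links ("/docs", "img.png") parse as https:.
// The .invalid TLD is reserved, so this can never collide with a real origin.
const RELATIVE_BASE = 'https://relative.invalid/';

// The WHATWG parser lowercases the scheme and strips ASCII tab/newline, so
// " JavaScript:alert(1)" and "java\tscript:alert(1)" both become "javascript:".
function parseWithBase(value, base) {
  if (typeof value !== 'string') return null;
  try {
    return new URL(value, base);
  } catch {
    return null; // unparseable input is treated as unsafe
  }
}

function hasAllowedProtocol(value, allowed) {
  const parsed = parseWithBase(value, RELATIVE_BASE);
  return parsed !== null && allowed.has(parsed.protocol);
}

function isSafeLinkUrl(value) {
  return hasAllowedProtocol(value, SAFE_LINK_PROTOCOLS);
}

function isSafeImageUrl(value) {
  return hasAllowedProtocol(value, SAFE_IMAGE_PROTOCOLS);
}

// Proxy/local backend URLs must be absolute (no base) and http(s) only. A result
// object lets the caller return early instead of fetching on failure.
function validateProxyUrl(value) {
  const parsed = parseWithBase(value, undefined);
  if (parsed === null) return { ok: false, reason: 'not an absolute URL' };
  if (!SAFE_PROXY_PROTOCOLS.has(parsed.protocol)) {
    return { ok: false, reason: `scheme ${parsed.protocol} not allowed` };
  }
  return { ok: true, url: parsed.href };
}

// Assumed inline node shape, loosely modelled on Slate: { type, url, children }
// for links and images, { text } for text. Unsafe links are unwrapped so their
// text survives; unsafe images are dropped entirely.
function sanitizeInlineNodes(nodes) {
  const out = [];
  for (const node of nodes) {
    if (node.type === 'link') {
      const children = sanitizeInlineNodes(node.children || []);
      if (isSafeLinkUrl(node.url)) out.push({ ...node, children });
      else out.push(...children);
    } else if (node.type === 'image') {
      if (isSafeImageUrl(node.url)) out.push(node);
    } else {
      out.push(node);
    }
  }
  return out;
}

// Constructed sample resembling the output of HTML-to-Slate deserialization.
const SAMPLE_NODES = [
  { type: 'link', url: 'https://example.com/docs', children: [{ text: 'docs' }] },
  { type: 'link', url: ' JavaScript:alert(1)', children: [{ text: 'click me' }] },
  { type: 'link', url: '/relative/page', children: [{ text: 'relative' }] },
  { type: 'image', url: 'https://example.com/a.png' },
  { type: 'image', url: 'data:image/png;base64,iVBORw0KGgo=' },
  { type: 'image', url: 'javascript:void(0)' },
];

if (typeof require !== 'undefined' && require.main === module) {
  console.log(JSON.stringify(sanitizeInlineNodes(SAMPLE_NODES), null, 2));
  console.log(validateProxyUrl('http://localhost:8081/api/v1'));
  console.log(validateProxyUrl('localhost:8081'));
}
```

One caveat worth knowing when applying this to a config value: `new URL('localhost:8081')` does not throw, it parses with the scheme `localhost:`, so the proxy check rejects it and the user must write an explicit `http://` prefix. Protocol-relative values such as `//host/path` resolve against the placeholder base to `https:` and therefore pass the link check, which is the intended outcome for a scheme allow-list but means host restrictions, if wanted, need a separate check.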