[v9.4.x] Fix xss in Graphite functions tooltip (#805)
Fix xss in Graphite functions tooltip (#804)

(cherry picked from commit 87aad3f11836f810ee1fdfee27827e746ef36055)

Co-authored-by: Ludovic Viaud <ludovic.viaud@gmail.com>
ef2eb2b
Shouldn't the fix be something like this:
```tsx
import React from 'react';
import DOMPurify from 'dompurify';

// Lazily load the rst2html converter so it ends up in its own webpack chunk.
const FunctionDescription = React.lazy(async () => {
  // @ts-ignore
  const { default: rst2html } = await import(/* webpackChunkName: "rst2html" */ 'rst2html');
  return {
    default(props: { description?: string }) {
      // Sanitize the description text, then convert it from reStructuredText to HTML.
      const sanitizedDescription = DOMPurify.sanitize(props.description ?? '');
      return <div dangerouslySetInnerHTML={{ __html: rst2html(sanitizedDescription) }} />;
    },
  };
});
```