scottk/chatwoot
1
0
Fork 0
mirror of https://github.com/lingble/chatwoot.git synced 2025-11-20 21:15:01 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix: Handle unsanitized markup in DOM (#4110)

Browse Source
This commit is contained in:
Fayaz Ahmed
2022-03-14 18:13:21 +05:30
committed by GitHub
parent e730804b48
commit dd1fe4f93a
2 changed files with 18 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
app/javascript/shared/helpers/MessageFormatter.js
View File

@@ -47,7 +47,12 @@ class MessageFormatter {
const markedDownOutput = marked(withHash);
return markedDownOutput;
}
return marked(this.message, { breaks: true, gfm: true });
DOMPurify.addHook('afterSanitizeAttributes', node => {
if ('target' in node) node.setAttribute('target', '_blank');
});
return DOMPurify.sanitize(
marked(this.message, { breaks: true, gfm: true })
);
}
get formattedMessage() {