[docs] sanitize html input for comments (#2677)

Gandharv 2022-03-31 08:39:47 +05:00 committed by GitHub
parent b721cd4150
commit b55b260c89
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23


@ -9,6 +9,7 @@ import CommentFooter from '@/Editor/Comment/CommentFooter';
import usePopover from '@/_hooks/use-popover';
import { commentsService } from '@/_services';
import useRouter from '@/_hooks/use-router';
import DOMPurify from 'dompurify';
const Comment = ({
socket,
@ -78,7 +79,7 @@ const Comment = ({
const handleSubmit = async (comment) => {
await commentsService.createComment({
threadId,
comment,
comment: DOMPurify.sanitize(comment),
appVersionsId,
});
socket.send(
@ -97,7 +98,7 @@ const Comment = ({
};
const handleEdit = async (comment, cid) => {
await commentsService.updateComment(cid, { comment });
await commentsService.updateComment(cid, { comment: DOMPurify.sanitize(comment) });
fetchData();
socket.send(
JSON.stringify({
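Review bot: The `DOMPurify.sanitize(comment)` calls added in `handleSubmit` and `handleEdit` run in the browser before the request is sent, so they only clean input that comes through this component. A request made straight to the comments API never passes through them, and comments stored before this change stay unsanitised. The sanitisation should therefore also be enforced on the server or at the point where the comment HTML is inserted into the DOM; that render path is not visible in these hunks, so it may already do this. If the client-side calls are kept as a convenience, a comment such as `// client-side cleanup only; the server/render path must still sanitize` above each call would prevent later readers from treating them as the trust boundary. The `Comment` component body starts and ends outside the hunks shown.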