[Sanitize] Sanitize content in Displayer and in Playground #32
This pull request is being automatically deployed with Vercel (learn more). 🔍 Inspect: https://vercel.com/kisskissbankbank/underwood/C5RGCppVJ3UqZZ6uHd6yJtQU6saZ
64d582e to 864ffc3
That's exactly what I was afraid of. So iframes are not taken into account. It doesn't work as is. If you want to add a video as an example, it doesn't display it in the Displayer.
864ffc3 to 51627b1
I'm approving my own code.
It isn't really possible to "purify" an iframe:
cure53/DOMPurify#566
So, as a safeguard, I've limited the set of props that can be set on the iframe,
and I sanitized the src URL
via https://github.com/braintree/sanitize-url
I feel like that covers quite a few cases.
Sanitizes the data of the Displayer and of the Playground
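
The approach described in the last comment (a fixed allow-list of iframe props plus a sanitized `src`), as an added example that is not code from this pull request. It uses Node's built-in `URL` parser as a stand-in for the sanitize-url package; the prop list, the host list and all function names are assumptions made for illustration.

```javascript
// Hypothetical allow-lists (constructed for this example, not taken from the PR).
const ALLOWED_IFRAME_PROPS = new Set(['src', 'width', 'height', 'title', 'allowFullScreen']);
const ALLOWED_HOSTS = new Set(['www.youtube.com', 'player.vimeo.com']);
const BLANK = 'about:blank';

// Returns a normalized https URL on an allowed host, or about:blank.
// The WHATWG URL parser strips embedded tabs/newlines and lowercases the
// scheme and host the same way a browser does, so the checks below see
// what the browser would actually load.
function sanitizeIframeSrc(raw) {
  if (typeof raw !== 'string') return BLANK;
  let url;
  try {
    url = new URL(raw); // no base URL: relative and scheme-relative input is rejected
  } catch {
    return BLANK;
  }
  if (url.protocol !== 'https:') return BLANK;          // javascript:, data:, http: ...
  if (url.username || url.password) return BLANK;       // https://trusted@other-host/
  if (!ALLOWED_HOSTS.has(url.hostname)) return BLANK;
  return url.href;
}

// Copies only allow-listed props with primitive values; everything else
// (srcdoc, onLoad, style, dangerouslySetInnerHTML, ...) is dropped.
function safeIframeProps(props) {
  const out = {};
  for (const [key, value] of Object.entries(props || {})) {
    if (!ALLOWED_IFRAME_PROPS.has(key)) continue;
    if (!['string', 'number', 'boolean'].includes(typeof value)) continue;
    out[key] = key === 'src' ? sanitizeIframeSrc(value) : value;
  }
  if (!('src' in out)) out.src = BLANK; // never render an iframe without a vetted src
  return out;
}
```

The result of `safeIframeProps` is meant to be the only thing spread onto the rendered `<iframe>`; stored content never reaches the element directly.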