mirror of https://github.com/apache/superset.git
fix(dashboard): Prevent XSS attack vector (#21822)
Co-authored-by: Herbert Gainor <herbert.gainor@preset.io>
parent
7c4102c20e
commit
ec20c0104e
|
@ -30,7 +30,7 @@ interface SafeMarkdownProps {
|
|||
|
||||
function isSafeMarkup(node: MarkdownAbstractSyntaxTree) {
|
||||
return node.type === 'html' && node.value
|
||||
? /href="(javascript|vbscript|file):.*"/gim.test(node.value) === false
|
||||
? !/(href|src)="(javascript|vbscript|file):.*"/gim.test(node.value)
|
||||
: true;
|
||||
}
|
||||
|
||||
|
|
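Review bot: The check in `isSafeMarkup` is still a denylist matched against the raw HTML string, and the pattern only recognises the exact double-quoted `href="…"` / `src="…"` form with three schemes, so any html node that spells the attribute differently or carries script some other way is returned as safe. The callers are outside this hunk, but if this function is the only XSS gate for markdown html nodes, as the commit title suggests, I would sanitise the parsed markup against an allow-list of tags, attributes and URL schemes and treat everything else as unsafe. Smaller points: the `g` and `m` flags do nothing for a single `.test()` call with no anchors, and the trailing `.*"` only narrows what gets rejected, so all three can be dropped. If the regex stays, a comment such as `// Denylist only: rejects double-quoted href/src with javascript:, vbscript: or file: URLs; not a full sanitizer.` would keep the next reader from over-trusting it.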