fix(dashboard): Prevent XSS attack vector (#21822)
Co-authored-by: Herbert Gainor <herbert.gainor@preset.io>
parent
7c4102c20e
commit
ec20c0104e
@ -30,7 +30,7 @@ interface SafeMarkdownProps {
|
|||||||
|
|
||||||
function isSafeMarkup(node: MarkdownAbstractSyntaxTree) {
|
function isSafeMarkup(node: MarkdownAbstractSyntaxTree) {
|
||||||
return node.type === 'html' && node.value
|
return node.type === 'html' && node.value
|
||||||
? /href="(javascript|vbscript|file):.*"/gim.test(node.value) === false
|
? !/(href|src)="(javascript|vbscript|file):.*"/gim.test(node.value)
|
||||||
: true;
|
: true;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
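Review bot: The `(href|src)` check in `isSafeMarkup` is a denylist that only matches a double-quoted attribute value whose scheme starts immediately after the quote, so markup that uses other quoting or spacing, other URL-bearing attributes, or inline event-handler attributes is still reported as safe. If the regex is kept, it should at least not depend on the quoting style, e.g. `? !/\b(href|src)\s*=\s*["']?\s*(javascript|vbscript|file):/i.test(node.value)`; the `g` flag can also go, since a single `test()` call does not need it. The more robust fix is to pass `html` nodes through an allowlist sanitizer (permitted tags, attributes and URL schemes) instead of pattern-matching raw HTML. How the caller uses this return value is outside the hunk, so confirm whether such a sanitizer already runs downstream, and add a comment on the function stating that it is a defence-in-depth filter rather than a complete XSS check.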