Diffstat (limited to 'app/assets/javascripts/notebook/cells/markdown.vue')
-rw-r--r-- | app/assets/javascripts/notebook/cells/markdown.vue | 81 |
1 files changed, 37 insertions, 44 deletions
diff --git a/app/assets/javascripts/notebook/cells/markdown.vue b/app/assets/javascripts/notebook/cells/markdown.vue
index fcb09ea90db..fa1afdcd16f 100644
--- a/app/assets/javascripts/notebook/cells/markdown.vue
+++ b/app/assets/javascripts/notebook/cells/markdown.vue
@@ -1,6 +1,6 @@
 <script>
 import marked from 'marked';
-import sanitize from 'sanitize-html';
+import { sanitize } from 'dompurify';
 import katex from 'katex';
 import Prompt from './prompt.vue';
@@ -104,65 +104,58 @@ export default {
 return sanitize(marked(this.cell.source.join('').replace(/\\/g, '\\\\')), {
 // allowedTags from GitLab's inline HTML guidelines
 // https://docs.gitlab.com/ee/user/markdown.html#inline-html
- allowedTags: [
+ ALLOWED_TAGS: [
+ 'a',
+ 'abbr',
+ 'b',
+ 'blockquote',
+ 'br',
+ 'code',
+ 'dd',
+ 'del',
+ 'div',
+ 'dl',
+ 'dt',
+ 'em',
  'h1',
  'h2',
  'h3',
  'h4',
  'h5',
  'h6',
- 'h7',
- 'h8',
- 'br',
- 'b',
+ 'hr',
  'i',
- 'strong',
- 'em',
- 'a',
- 'pre',
- 'code',
  'img',
- 'tt',
- 'div',
  'ins',
- 'del',
- 'sup',
- 'sub',
- 'p',
- 'ol',
- 'ul',
- 'table',
- 'thead',
- 'tbody',
- 'tfoot',
- 'blockquote',
- 'dl',
- 'dt',
- 'dd',
  'kbd',
+ 'li',
+ 'ol',
+ 'p',
+ 'pre',
  'q',
- 'samp',
- 'var',
- 'hr',
- 'ruby',
- 'rt',
  'rp',
- 'li',
- 'tr',
- 'td',
- 'th',
+ 'rt',
+ 'ruby',
  's',
- 'strike',
+ 'samp',
  'span',
- 'abbr',
- 'abbr',
+ 'strike',
+ 'strong',
+ 'sub',
  'summary',
+ 'sup',
+ 'table',
+ 'tbody',
+ 'td',
+ 'tfoot',
+ 'th',
+ 'thead',
+ 'tr',
+ 'tt',
+ 'ul',
+ 'var',
  ],
- allowedAttributes: {
- '*': ['class', 'style'],
- a: ['href'],
- img: ['src'],
- },
+ ALLOWED_ATTR: ['class', 'style', 'href', 'src'],
  });
  },
  }, |
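Review bot: `ALLOWED_ATTR: ['class', 'style', 'href', 'src']` near the end of the second hunk is an element-independent list in DOMPurify, so the per-element scoping the removed `allowedAttributes` block had (`href` only on `a`, `src` only on `img`) is lost and any allowed tag can now carry either attribute. DOMPurify applies its default URI allowlist to `href`/`src` values, so this appears to be mainly a loss of scoping rather than a new URL-injection path, but it is a behavior change the commit does not record. If the scoping matters, a `uponSanitizeAttribute` hook can restore it; at minimum the stale comment should become `// ALLOWED_TAGS from GitLab's inline HTML guidelines`, since it still names the sanitize-html option. The enclosing computed property begins before this hunk.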