diff --git a/package.json b/package.json
index 6109f32d25..c0714545bc 100644
--- a/package.json
+++ b/package.json
@@ -47,6 +47,7 @@
 "array-move": "^4.0.0",
 "browserfs": "^1.4.3",
 "classnames": "^2.3.2",
+ "dompurify": "^3.1.6",
 "flexboxgrid": "^6.3.1",
 "flexboxgrid-helpers": "^1.1.3",
 "hastscript": "^9.0.0",
@@ -109,6 +110,7 @@
 "@testing-library/jest-dom": "^6.0.0",
 "@testing-library/react": "^14.0.0",
 "@testing-library/user-event": "^14.4.3",
+ "@types/dompurify": "^3.0.5",
 "@types/estree": "^1.0.5",
 "@types/gapi": "^0.0.44",
 "@types/gapi.auth2": "^0.0.57",
diff --git a/src/commons/Markdown.tsx b/src/commons/Markdown.tsx
index ea324f00a6..0a15c40e9a 100644
--- a/src/commons/Markdown.tsx
+++ b/src/commons/Markdown.tsx
@@ -1,5 +1,6 @@
 import { Classes } from '@blueprintjs/core';
 import classNames from 'classnames';
+import DOMPurify from 'dompurify';
 import React from 'react';
 import { Converter } from 'showdown';
@@ -24,7 +25,12 @@ const Markdown: React.FC = props => { return (
); };
diff --git a/src/commons/__tests__/__snapshots__/Markdown.tsx.snap b/src/commons/__tests__/__snapshots__/Markdown.tsx.snap
index 589070ffae..6f07d3ffae 100644
--- a/src/commons/__tests__/__snapshots__/Markdown.tsx.snap
+++ b/src/commons/__tests__/__snapshots__/Markdown.tsx.snap
@@ -6,10 +6,10 @@ exports[`Markdown page renders correctly 1`] = ` dangerouslySetInnerHTML={ Object { "__html": "
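Review bot: Nothing in the tests shown here feeds the sanitizer unsafe markup: the only test change is the regenerated snapshot of the benign welcome text, so a later loosening of the `DOMPurify` options could reopen the `dangerouslySetInnerHTML` sink without any test failing. I would add a case to the Markdown test that renders content carrying an inline event-handler attribute and asserts it is gone, for example `expect(html).not.toContain('onerror')` (constructed sample). The JSX lines of this hunk did not survive on this page, so the sanitizer options cannot be checked here; the snapshot does show the two paragraphs that presumably hold links changing, so please confirm the effect on link attributes is intended and that any link still opening a new tab keeps `rel="noopener noreferrer"`. The body of `Markdown` starts before this hunk.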

Welcome to the Source Academy playground!

-

The book Structure and Interpretation of Computer Programs, JavaScript Edition -uses JavaScript sublanguages that we call Source. You have chosen the sublanguage Source §1.

-

In the editor on the left, you can use the Ace keyboard shortcuts -and also the Source Academy keyboard shortcuts.

", +

The book Structure and Interpretation of Computer Programs, JavaScript Edition +uses JavaScript sublanguages that we call Source. You have chosen the sublanguage Source §1.

+

In the editor on the left, you can use the Ace keyboard shortcuts +and also the Source Academy keyboard shortcuts.

", } } /> diff --git a/yarn.lock b/yarn.lock index baaed2d16d..564738d150 100644 --- a/yarn.lock +++ b/yarn.lock @@ -2936,6 +2936,13 @@ dependencies: "@types/ms" "*" +"@types/dompurify@^3.0.5": + version "3.0.5" + resolved "https://registry.yarnpkg.com/@types/dompurify/-/dompurify-3.0.5.tgz#02069a2fcb89a163bacf1a788f73cb415dd75cb7" + integrity sha512-1Wg0g3BtQF7sSb27fJQAKck1HECM6zV1EB66j8JH9i3LCjYabJa0FSdiSgsD5K/RbrsR0SiraKacLB+T8ZVYAg== + dependencies: + "@types/trusted-types" "*" + "@types/eslint@^7.29.0 || ^8.4.1": version "8.21.1" resolved "https://registry.yarnpkg.com/@types/eslint/-/eslint-8.21.1.tgz#110b441a210d53ab47795124dbc3e9bb993d1e7c" @@ -3279,6 +3286,11 @@ resolved "https://registry.yarnpkg.com/@types/stack-utils/-/stack-utils-2.0.3.tgz#6209321eb2c1712a7e7466422b8cb1fc0d9dd5d8" integrity sha512-9aEbYZ3TbYMznPdcdr3SmIrLXwC/AKZXQeCf9Pgao5CKb8CyHuEX5jzWPTkvregvhRJHcpRO6BFoGW9ycaOkYw== +"@types/trusted-types@*": + version "2.0.7" + resolved "https://registry.yarnpkg.com/@types/trusted-types/-/trusted-types-2.0.7.tgz#baccb07a970b91707df3a3e8ba6896c57ead2d11" + integrity sha512-ScaPdn1dQczgbl0QFTeTOmVHFULt394XJgOQNoyVhZ6r2vLnMLJfBPd53SB52T/3G36VI1/g2MZaX0cwDuXsfw== + "@types/trusted-types@^2.0.2": version "2.0.3" resolved "https://registry.yarnpkg.com/@types/trusted-types/-/trusted-types-2.0.3.tgz#a136f83b0758698df454e328759dbd3d44555311" @@ -5950,6 +5962,11 @@ domhandler@^5.0.2, domhandler@^5.0.3: dependencies: domelementtype "^2.3.0" +dompurify@^3.1.6: + version "3.1.6" + resolved "https://registry.yarnpkg.com/dompurify/-/dompurify-3.1.6.tgz#43c714a94c6a7b8801850f82e756685300a027e2" + integrity sha512-cTOAhc36AalkjtBpfG6O8JimdTMWNXjiePT2xQH/ppBGi/4uIpmj8eKyIkMJErXWARyINV/sB38yf8JCLF5pbQ== + domutils@^1.7.0: version "1.7.0" resolved "https://registry.yarnpkg.com/domutils/-/domutils-1.7.0.tgz#56ea341e834e06e6748af7a1cb25da67ea9f8c2a"