feat: bundle dompurify to sanitize malicious HTML

Open • snoopysecurity opened this issue 5 years ago • 1 comment

Currently the markdown-editor is vulnerable to XSS. This PR introduces DOMPurify (https://github.com/cure53/DOMPurify), which cleans potentially malicious JavaScript.

snoopysecurity, Feb 29 '20 23:02

Codecov Report

Merging #22 into master will not change coverage. The diff coverage is n/a.

@@           Coverage Diff           @@
##           master      #22   +/-   ##
=======================================
  Coverage   21.46%   21.46%           
=======================================
  Files           3        3           
  Lines         219      219           
=======================================
  Hits           47       47           
  Misses        172      172

Last update 5ba38e1...a728b78.

codecov[bot], Feb 29 '20 23:02