Ailur
/
burgernotes-client-web
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 3 Wiki Activity

Added a sanitsation layer on top of the sandbox, just in case

This commit is contained in:
Tracker-Friendly 2024-06-26 00:53:44 +01:00
parent 115bd5236f
commit cdc6450170
3 changed files with 1570 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
app/index.html
View File

@ -9,6 +9,7 @@
<link rel="stylesheet" type="text/css" href="/static/css/style.css" /> <link rel="stylesheet" type="text/css" href="/static/css/style.css" />
<script type="text/javascript" src="/static/js/crypto-js.js"></script> <script type="text/javascript" src="/static/js/crypto-js.js"></script>
<script type="text/javascript" src="/static/js/marked.js"></script> <script type="text/javascript" src="/static/js/marked.js"></script>
<script type="text/javascript" src="/static/js/purify.js"></script>
<link rel="icon" href="/static/svg/favicon.svg"> <link rel="icon" href="/static/svg/favicon.svg">
</head> </head>

8
static/js/main.js
View File

@ -192,7 +192,7 @@ function updateFont() {
noteBox.style.fontSize = currentFontSize + "px" noteBox.style.fontSize = currentFontSize + "px"
textSizeBox.innerText = currentFontSize + "px" textSizeBox.innerText = currentFontSize + "px"
if (markdowntoggle) { if (markdowntoggle) {
markdown.srcdoc = "<!DOCTYPE html><html lang='en'><style>html { height: 100% } pre { white-space: pre-wrap; overflow-wrap: break-word; } body { white-space: pre-wrap; overflow-wrap: break-word; font-family: 'Inter', sans-serif; height: 100%; color: " + getComputedStyle(document.documentElement).getPropertyValue('--text-color') + "; font-size: " + currentFontSize + "px; }</style>" + marked.parse(noteBox.value) + "</html>"; markdown.srcdoc = "<!DOCTYPE html><html lang='en'><style>html { height: 100% } pre { white-space: pre-wrap; overflow-wrap: break-word; } body { white-space: pre-wrap; overflow-wrap: break-word; font-family: 'Inter', sans-serif; height: 100%; color: " + getComputedStyle(document.documentElement).getPropertyValue('--text-color') + "; font-size: " + currentFontSize + "px; }</style>" + marked.parse(DOMPurify.sanitize(noteBox.value)) + "</html>";
} }
} }
@ -417,7 +417,7 @@ function updateWordCount() {
function renderMarkDown() { function renderMarkDown() {
if (markdowntoggle) { if (markdowntoggle) {
markdown.srcdoc = "<!DOCTYPE html><html lang='en'><style>html { height: 100% } pre { white-space: pre-wrap; overflow-wrap: break-word; } body { white-space: pre-wrap; overflow-wrap: break-word; font-family: 'Inter', sans-serif; height: 100%; color: " + getComputedStyle(document.documentElement).getPropertyValue('--text-color') + "; font-size: " + currentFontSize + "px; }</style>" + marked.parse(noteBox.value) + "</html>" markdown.srcdoc = "<!DOCTYPE html><html lang='en'><style>html { height: 100% } pre { white-space: pre-wrap; overflow-wrap: break-word; } body { white-space: pre-wrap; overflow-wrap: break-word; font-family: 'Inter', sans-serif; height: 100%; color: " + getComputedStyle(document.documentElement).getPropertyValue('--text-color') + "; font-size: " + currentFontSize + "px; }</style>" + marked.parse(DOMPurify.sanitize(noteBox.value)) + "</html>"
} }
} }
@ -650,7 +650,7 @@ newNote.addEventListener("click", () => {
}); });
}); });
function downloadObjectAsJson(exportObj, exportName) { function downloadObjectAsJson(exportObj, exportName) {
let dataStr = "data:text/json;charset=utf-8," + encodeURIComponent(JSON.stringify(exportObj)); let dataStr = "data:text/json;charset=utf-8," + DOMPurify.sanitize(JSON.stringify(exportObj));
let downloadAnchorNode = document.createElement("a"); let downloadAnchorNode = document.createElement("a");
downloadAnchorNode.setAttribute("href", dataStr); downloadAnchorNode.setAttribute("href", dataStr);
downloadAnchorNode.setAttribute("download", exportName + ".json"); downloadAnchorNode.setAttribute("download", exportName + ".json");
@ -799,7 +799,7 @@ removeBox.addEventListener("click", () => {
}); });
document.addEventListener("DOMContentLoaded", function() { document.addEventListener("DOMContentLoaded", function() {
markdown.srcdoc = "<!DOCTYPE html><html lang='en'><style>html { height: 100% } pre { white-space: pre-wrap; overflow-wrap: break-word; } body { white-space: pre-wrap; overflow-wrap: break-word; font-family: 'Inter', sans-serif; height: 100%; color: " + getComputedStyle(document.documentElement).getPropertyValue('--text-color') + "; font-size: " + currentFontSize + "px; }</style>" + marked.parse(noteBox.value) + "</html>" markdown.srcdoc = "<!DOCTYPE html><html lang='en'><style>html { height: 100% } pre { white-space: pre-wrap; overflow-wrap: break-word; } body { white-space: pre-wrap; overflow-wrap: break-word; font-family: 'Inter', sans-serif; height: 100%; color: " + getComputedStyle(document.documentElement).getPropertyValue('--text-color') + "; font-size: " + currentFontSize + "px; }</style>" + marked.parse(DOMPurify.sanitize(noteBox.value)) + "</html>"
}); });
if (firstNewVersion()) { if (firstNewVersion()) {

1565
static/js/purify.js Normal file
View File

File diff suppressed because it is too large Load Diff