
assets/readme-rendering: Use dompurify as XSS filter
Closed, Public

Authored by anlambert on Apr 12 2019, 2:52 PM.

Details

Summary

XSS filtering has recently been added to swh-web (D1322) for the rendering
of README files in markdown format.

But as @kalpitk noticed, the rendering of images located in an origin source tree
is now broken.

So instead of using the showdown-xss-filter package, prefer to use the dompurify
one, which seems to have a good default white list for XSS filtering.

Related T1642

Diff Detail

Repository
rDWAPPS Web applications
Lint
Automatic diff as part of commit; lint not applicable.
Unit
Automatic diff as part of commit; unit tests not applicable.

Event Timeline

anlambert created this revision. Apr 12 2019, 2:52 PM
anlambert updated this revision to Diff 4550. Apr 12 2019, 3:06 PM

Update: Simplify code and add XSS filtering for all supported README types

anlambert edited the summary of this revision. Apr 12 2019, 3:07 PM
ardumont accepted this revision. Apr 13 2019, 11:01 AM
This revision is now accepted and ready to land. Apr 13 2019, 11:01 AM
This revision was automatically updated to reflect the committed changes.