
assets/readme-rendering: Use dompurify as XSS filter
Closed, Public

Authored by anlambert on Apr 12 2019, 2:52 PM.

Details

Summary

XSS filtering has recently been added to swh-web (D1322) for the rendering
of README files in markdown format.

But as @kalpitk noticed, the rendering of images located in an origin source tree
is now broken.

So instead of using [[ https://github.com/VisionistInc/showdown-xss-filter | showdown-xss-filter ]] package, prefer to use the [[ https://github.com/cure53/DOMPurify | dompurify ]]
one which seems to have a good default white list for XSS filtering.

Related T1642

Diff Detail

Repository
rDWAPPS Web applications
Branch
better-xss-filtering
Lint
No Linters Available
Unit
No Unit Test Coverage
Build Status
Buildable 5401
Build 7315: tox-on-jenkins (Jenkins)
Build 7314: arc lint + arc unit

Event Timeline

Update: Simplify code and add XSS filtering for all supported README types

This revision is now accepted and ready to land. Apr 13 2019, 11:01 AM
This revision was automatically updated to reflect the committed changes.