fix: Disallow data: URI's for images

Tom Moor
2022-08-09 16:31:09 +02:00
parent 5640ec30cc
commit e5c5e8907a
6 changed files with 29 additions and 21 deletions


@@ -2,7 +2,7 @@ import Token from "markdown-it/lib/token";
import { NodeSpec, NodeType, Node as ProsemirrorNode } from "prosemirror-model";
import { EditorState } from "prosemirror-state";
import * as React from "react";
import { sanitizeHref } from "../../utils/urls";
import { sanitizeUrl } from "../../utils/urls";
import DisabledEmbed from "../components/DisabledEmbed";
import { MarkdownSerializerState } from "../lib/markdown/serializer";
import embedsRule from "../rules/embeds";
@@ -50,7 +50,7 @@ export default class Embed extends Node {
"iframe",
{
class: "embed",
src: sanitizeHref(node.attrs.href),
src: sanitizeUrl(node.attrs.href),
contentEditable: "false",
},
0,
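Review bot: The `src: sanitizeUrl(node.attrs.href)` line feeds a value taken from document content into an iframe, but this section shows neither which schemes the renamed helper rejects nor what it returns on rejection. The commit title mentions images only, so it is worth confirming that the same `data:` and `javascript:` rejection applies on this embed path, with a unit test on the Embed node's DOM output for both schemes. If the helper returns `undefined` or an empty string on rejection, the iframe is presumably still rendered without a usable `src`, and a comment should say whether that is intended. I would add above the line `// href is user-controlled document content; sanitizeUrl must reject javascript: and data: before it reaches an iframe src`. The enclosing method starts and ends outside the hunk, so the surrounding handling is not visible here.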