From 4cdf49aedd8de073015b6945a529399c3bfa109a Mon Sep 17 00:00:00 2001
From: charlie
Date: Fri, 25 Apr 2025 12:28:59 +0800
Subject: [PATCH] fix(plugins): avoid xss for the injected readme html content
---
 gulpfile.js | 1 +
 resources/marketplace.html | 3 ++-
 src/main/frontend/components/plugins.cljs | 2 +-
 3 files changed, 4 insertions(+), 2 deletions(-)
diff --git a/gulpfile.js b/gulpfile.js
index ad347250f0..2dfd361814 100644
--- a/gulpfile.js
+++ b/gulpfile.js
@@ -72,6 +72,7 @@ const common = {
 'node_modules/react-dom/umd/react-dom.production.min.js',
 'node_modules/react-dom/umd/react-dom.development.js',
 'node_modules/prop-types/prop-types.min.js',
+ 'node_modules/dompurify/dist/purify.js',
 ]).pipe(gulp.dest(path.join(outputPath, 'js'))),
 () => gulp.src([
 'node_modules/@tabler/icons-react/dist/umd/tabler-icons-react.min.js',
diff --git a/resources/marketplace.html b/resources/marketplace.html
index 8aec5813d2..22b8cdea98 100644
--- a/resources/marketplace.html
+++ b/resources/marketplace.html
@@ -69,6 +69,7 @@
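Review bot: The `'node_modules/dompurify/dist/purify.js'` entry added in the gulpfile.js hunk has nothing that ties it to its consumer, so a later cleanup of this copy list could drop the sanitizer unnoticed; assuming resources/marketplace.html is what loads it, a comment above the entry such as `// DOMPurify: loaded by resources/marketplace.html to sanitize plugin README HTML` would record that. The diffstat lists no package.json or lockfile change, so the version that gets copied depends on a pin outside this patch; it is worth confirming dompurify is a direct, locked dependency rather than a transitive one. The path is the unminified build while most neighbours are `.min.js`; if that is not deliberate, `dist/purify.min.js` would match them, with the script reference in the page changed to suit. The enclosing `common` object starts and ends outside the hunk.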
+