xss protection
Clevis22 committed Mar 3, 2024
1 parent 2410554 commit eacc59f
Showing 2 changed files with 4 additions and 1 deletion.
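--- a/index.html
+++ b/index.html
@@ -58,5 +58,6 @@
 <script src="script.js"></script>
 <script src="shortcuts.js"></script>
 <script src="dependencies/highlight.js"></script>
+<script src="https://cdnjs.cloudflare.com/ajax/libs/dompurify/3.0.9/purify.min.js" integrity="sha512-9+ilAOeXY8qy2bw/h51MmliNNHvdyhTpLIlqDmVpD26z8VjVJsUJtk5rhbDIUvYiD+EpGoAu0xTa7MhZohFQjA==" crossorigin="anonymous" referrerpolicy="no-referrer"></script>
 </body>
 </html>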
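Review bot: The DOMPurify `<script>` tag is added after `script.js`, and it is the only dependency in this block fetched from a CDN while `highlight.js` is served from `dependencies/`. The `integrity` hash and `crossorigin` attribute are the right controls for a third-party script, but if the CDN is unreachable or the hash check fails, `DOMPurify` is never defined and the preview handler in `script.js` throws on every worker message (it fails closed, yet the preview stops working). Consider vendoring the pinned 3.0.9 build into `dependencies/` next to highlight.js, or at least moving the tag above `<script src="script.js"></script>` so the sanitizer is defined before any code that may call it.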
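--- a/script.js
+++ b/script.js
@@ -157,7 +157,9 @@ editor.addEventListener('input', () => {
 // get the message from the worker
 previewWorker.addEventListener('message', function(event) {
 var scrollTop = preview.scrollTop;
-preview.innerHTML = event.data;
+var cleanHTML = DOMPurify.sanitize(event.data); // Sanitize received HTML
+preview.innerHTML = cleanHTML;
+//preview.innerHTML = event.data;
 // Ensure scrolling happens after rendering
 requestAnimationFrame(function() {
 preview.scrollTop = scrollTop;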
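Review bot: The commented-out `//preview.innerHTML = event.data;` left directly under the sanitized assignment should be deleted, because it keeps the unsanitized sink one uncomment away from being restored and the old line is already preserved in version control. `DOMPurify.sanitize(event.data)` also runs with the default configuration, which still permits SVG and MathML; if the preview only renders Markdown-derived HTML, `DOMPurify.sanitize(event.data, { USE_PROFILES: { html: true } })` narrows the allowed markup. The message handler's body continues past the end of this hunk, so any later write to `preview` is not visible here and should be checked for the same treatment.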
