Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

浏览器客户端警告:Module "fs" has been externalized for browser compatibility #379

Closed
Bisstocuz opened this issue Oct 26, 2023 · 3 comments
Closed

浏览器客户端警告:Module "fs" has been externalized for browser compatibility #379

Bisstocuz opened this issue Oct 26, 2023 · 3 comments

Comments

@Bisstocuz
Copy link

Describe the issue

问题说明

当使用 Vite 4 进行 pnpm dev 预览时,浏览器会弹出标题的警告,这一警告源自 sanitize-html 的依赖库。

建议

目前看来上游仓库似乎已经缺乏这方面的支持与维护了,是否考虑增加其它 XSS 防范库的支持?

参考

相关:

Procedure version

任意

Reproduction link

No response
@imzbf
Copy link
Owner

imzbf commented Oct 26, 2023
edited
Loading

内部编译markdown文本的核心库已经提供了基础了这类功能了,比如输入<script>console.log(2)</script>并不会执行日志输出。

内部没有依赖这类库,在md-editor-v3^4.0.0以后,如果不是特别的情况,默认的就可以了

@imzbf imzbf closed this as completed Oct 27, 2023
@Bisstocuz
Copy link
Author

内部编译markdown文本的核心库已经提供了基础了这类功能了,比如输入<script>console.log(2)</script>并不会执行日志输出。

内部没有依赖这类库,在md-editor-v3^4.0.0以后,如果不是特别的情况,默认的就可以了

您的意思是说哪怕不给 :sanitize 实例,编辑器也有足够用的默认安全机制?

@imzbf
Copy link
Owner

imzbf commented Oct 27, 2023

内部编译markdown文本的核心库已经提供了基础了这类功能了,比如输入<script>console.log(2)</script>并不会执行日志输出。
内部没有依赖这类库,在md-editor-v3^4.0.0以后,如果不是特别的情况,默认的就可以了

您的意思是说哪怕不给 :sanitize 实例,编辑器也有足够用的默认安全机制?

是的,这个属性其实是2.0版本使用的,但是考虑到部分小伙伴会有特殊的要求,就保留了这个属性

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@imzbf @Bisstocuz