Always sanitize HTML in dsMarkdown even if markdown disabled

Instead of setting innerHTML directly to the value, sanitize
the value first, even when it is not passed to renderMarkdown/Mathjax.
This commit is contained in:
Kim Shepherd
2024-10-01 13:12:10 +02:00
parent 779ff47260
commit 8fb4772b6c
2 changed files with 54 additions and 6 deletions


@@ -55,7 +55,7 @@ export class MarkdownDirective implements OnInit, OnDestroy {
async render(value: string, forcePreview = false): Promise<SafeHtml> {
if (isEmpty(value) || (!environment.markdown.enabled && !forcePreview)) {
this.el.innerHTML = value;
this.el.innerHTML = this.sanitizer.sanitize(SecurityContext.HTML, value);
return;
} else {
if (environment.markdown.mathjax) {