diff --git a/gitstore-admin/package-lock.json b/gitstore-admin/package-lock.json
index 942020b..6a592b7 100644
--- a/gitstore-admin/package-lock.json
+++ b/gitstore-admin/package-lock.json
@@ -15,7 +15,8 @@
 "react-beautiful-dnd": "^13.1.1",
 "react-dom": "^18.2.0",
 "urql": "^5.0.1",
- "uuid": "^9.0.1"
+ "uuid": "^9.0.1",
+ "dompurify": "^3.2.6"
 },
 "devDependencies": {
 "@graphql-codegen/cli": "^7.0.0",
@@ -10318,6 +10319,9 @@
 "type": "github",
 "url": "https://github.com/sponsors/wooorm"
 }
+ },
+ "node_modules/dompurify": {
+ "version": "3.2.6"
 }
 }
 }
diff --git a/gitstore-admin/package.json b/gitstore-admin/package.json
index cf1ffb0..82cbc46 100644
--- a/gitstore-admin/package.json
+++ b/gitstore-admin/package.json
@@ -18,7 +18,8 @@
 "react-beautiful-dnd": "^13.1.1",
 "react-dom": "^18.2.0",
 "urql": "^5.0.1",
- "uuid": "^9.0.1"
+ "uuid": "^9.0.1",
+ "dompurify": "^3.2.6"
 },
 "devDependencies": {
 "@graphql-codegen/cli": "^7.0.0",
diff --git a/gitstore-admin/src/components/shared/MarkdownEditor.tsx b/gitstore-admin/src/components/shared/MarkdownEditor.tsx
index 7e12bf5..d8f3063 100644
--- a/gitstore-admin/src/components/shared/MarkdownEditor.tsx
+++ b/gitstore-admin/src/components/shared/MarkdownEditor.tsx
@@ -2,6 +2,7 @@ // Copyright (c) 2026 GitStore contributors
 import React, { useState } from 'react';
+import DOMPurify from 'dompurify';
 interface MarkdownEditorProps {
 value: string;
@@ -95,6 +96,8 @@ export function MarkdownEditor({
 return html;
 };
+ const sanitizedPreviewHtml = DOMPurify.sanitize(renderMarkdown(value));
+ return (
 {/* Toolbar */}
@@ -220,7 +223,7 @@ export function MarkdownEditor({
 ) : (
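Review bot: `DOMPurify.sanitize(renderMarkdown(value))` on the added line runs with DOMPurify's default profile, which also admits SVG and MathML markup — the namespaces where most historical sanitizer bypasses lived — and a markdown preview needs neither, so restrict it to HTML: `DOMPurify.sanitize(renderMarkdown(value), { USE_PROFILES: { html: true } })`. The call also re-runs on every render of MarkdownEditor, including keystrokes and renders where the preview pane is not the active branch; `useMemo(() => DOMPurify.sanitize(renderMarkdown(value), { USE_PROFILES: { html: true } }), [value])` (adding `useMemo` to the existing React import) limits it to changes of `value`. Note this is client-side defence for the preview only: if the stored markdown is rendered to HTML anywhere else (server side or another client), that path still needs its own sanitization. Separately, the package-lock entry added for dompurify carries only `"version": "3.2.6"` with no `resolved`/`integrity` fields, which looks hand-edited and leaves `npm ci` nothing to verify the tarball against; regenerate it with `npm install dompurify@^3.2.6` instead of editing the lockfile by hand. MarkdownEditor's body begins and ends outside this hunk.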
)}