fix(pastes): add stricter sanitization for markdown content

Signed-off-by: SphericalKat <amolele@gmail.com>
Amogh Lele 2021-10-08 02:19:58 +05:30
parent 8e6cbc647e
commit ec4661fe44
No known key found for this signature in database
GPG Key ID: F0EA64BC1B44A7F3


@ -9,8 +9,8 @@
<% end %> <% end %>
</div> </div>
<%= if @extension == "md" do%> <%= if @extension == "md" do%>
<div class="break-word px-6 py-4 h-full w-full markdown overflow-y-auto"><%= raw Earmark.as_html!(@paste.content, escape: true, gfm_tables: true) |> HtmlSanitizeEx.html5 %></div> <div class="break-word px-6 py-4 h-full w-full markdown overflow-y-auto"><%= raw Earmark.as_html!(@paste.content, escape: true, gfm_tables: true) |> HtmlSanitizeEx.markdown_html %></div>
<% else %> <% else %>
<code class="break-word px-6 py-4 h-full w-full overflow-y-auto"><%= raw Ketbin.Utils.Syntax.highlight_text(@paste.content, @extension) |> HtmlSanitizeEx.html5 %></code> <code class="break-word px-6 py-4 h-full w-full overflow-y-auto"><%= raw Ketbin.Utils.Syntax.highlight_text(@paste.content, @extension) |> HtmlSanitizeEx.strip_tags %></code>
<% end %> <% end %>
</div> </div>
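Review bot: In the non-markdown branch, `HtmlSanitizeEx.strip_tags` is applied to the output of `Ketbin.Utils.Syntax.highlight_text`, so if that helper returns highlighting markup (it is not visible here), every tag it emits is removed and the `<code>` block renders as plain text. The result is still passed to `raw`, so safety depends on the surviving text being entity-encoded; a view test that renders a paste containing HTML markup for both the `md` and a non-`md` extension, and asserts the output is inert, would pin that. If highlighting is meant to stay, an allowlist scrubber limited to the highlighter's own `span`/`class` output would fit better than `strip_tags`. A template comment above both `raw` calls, such as `<%# @paste.content is user-supplied; sanitize before raw %>`, would record why the sanitizer must not be dropped.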