feat: safer replacement to avoid <Script /> injections

Nevo David 2025-07-21 17:51:47 +07:00
parent df22e642f9
commit 9ed403aff2
1 changed files with 1 additions and 2 deletions


@ -138,7 +138,7 @@ export const stripHtmlValidation = (
none = false
): string => {
if (type === 'html') {
return value;
return striptags(value, ['ul', 'ol', 'li', 'h1', 'h2', 'h3', 'p', 'strong', 'u']);
}
if (type === 'markdown') {
@ -178,7 +178,6 @@ export const convertLinkedinMention = (value: string) => {
return value.replace(
/<span.+?data-linkedin-id="(.+?)".+?>(.+?)<\/span>/gi,
(match, id, name) => {
console.log(id, name);
return `@[${name.replace('@', '')}](${id})`;
}
);
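Review bot: In the `type === 'html'` branch of `stripHtmlValidation` (first hunk), the allowlist passed to `striptags` filters tag names only; if this is the npm `striptags` package, which follows PHP's `strip_tags`, allowed tags pass through verbatim, so attributes such as `onmouseover` or `style` on a `<p>` or `<li>` survive. The commit title presents this as the defence against script injection, so wherever the return value is rendered as HTML it should also go through an attribute-aware sanitizer, or at minimum carry the comment `// striptags keeps attributes on allowed tags; output is not safe to render without attribute sanitization`. The allowlist also omits `span`, while `convertLinkedinMention` in the second hunk matches `<span … data-linkedin-id="…">`, so it is worth confirming that mention conversion runs before this strip; the call order is not visible in these hunks. Both function bodies start or end outside the hunks shown.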