self-hosted/joplin
1
0
Fork 0
mirror of https://github.com/laurent22/joplin.git synced 2025-07-16 00:14:34 +02:00
Code Issues Releases Activity

Merge pull request from GHSA-m59c-9rrj-c399

Browse Source 
* Sanitize HTML in processPastedHtml

* Add test
This commit is contained in:
Henry Heino
2023-07-27 07:41:57 -07:00
committed by GitHub
parent b9659bb9c1
commit a0ec928fca
6 changed files with 48 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
packages/app-desktop/gui/NoteEditor/utils/resourceHandling.ts
View File

@ -6,6 +6,7 @@ import Resource from '@joplin/lib/models/Resource';
const bridge = require('@electron/remote').require('./bridge').default;
import ResourceFetcher from '@joplin/lib/services/ResourceFetcher';
import htmlUtils from '@joplin/lib/htmlUtils';
import rendererHtmlUtils from '@joplin/renderer/htmlUtils';
import Logger from '@joplin/lib/Logger';
const { fileUriToPath } = require('@joplin/lib/urlUtils');
const joplinRendererUtils = require('@joplin/renderer').utils;
@ -173,7 +174,9 @@ export async function processPastedHtml(html: string) {
}
}
return htmlUtils.replaceImageUrls(html, (src: string) => {
return mappedResources[src];
});
return rendererHtmlUtils.sanitizeHtml(
htmlUtils.replaceImageUrls(html, (src: string) => {
return mappedResources[src];
})
);
}