Commit d34204cf authored by Curtis Adam's avatar Curtis Adam

Add the DOMPurify plugin for the frontend

parent 60e362a6
......@@ -70,3 +70,4 @@ czbaker:lightbox2
fastclick
jquery@1.11.10
east5th:package-scan
wtfzn:dompurify
......@@ -253,4 +253,5 @@ url@1.2.0
webapp@1.5.0
webapp-hashing@1.0.9
wtfzn:bootstrap-markdown@2.8.0
wtfzn:dompurify@0.6.1
zimme:active-route@2.3.2
......@@ -7,6 +7,7 @@ import {Notifications} from "./notifications.js";
import {Ratings} from "./ratings.js";
import {check} from "meteor/check";
import {gotLearningModes} from "./cardTypes.js";
import DOMPurify from 'dompurify';
export const Cardsets = new Mongo.Collection("cardsets");
......@@ -571,7 +572,6 @@ Meteor.methods({
if (cardset.learningActive) {
cardType = cardset.cardType;
}
Cardsets.update(id, {
$set: {
name: name.trim(),
......
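Review bot: The `import DOMPurify from 'dompurify';` line added at the top of this file is not used in either hunk shown for it, so as far as this view goes it is a dead import; the second hunk is collapsed after `name: name.trim(),`, so confirm against the full file before removing it. If this API module is also loaded on the server (not visible here), keep in mind that DOMPurify needs a DOM to work and would not sanitize anything there without one. The specifier is the npm-style name `'dompurify'`, while the package files add the Atmosphere package `wtfzn:dompurify` (pinned at 0.6.1). It is worth confirming which build the import resolves to and which DOMPurify release it carries; the same applies to the identical import in the UI helper file.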
......@@ -12,6 +12,7 @@ import {toggleFullscreen} from "../../ui/card/card";
import {Paid} from "../../api/paid";
import {getUserLanguage} from "../../startup/client/i18n";
import {gotDifficultyLevel, gotNotesForDifficultyLevel} from "../../api/cardTypes";
import DOMPurify from 'dompurify';
Meteor.subscribe("collegesCourses");
......@@ -481,7 +482,7 @@ Template.registerHelper("getMaximumText", function (text) {
const helper = new MeteorMathJax.Helper({
useCache: true,
transform: function (x) {
return lib.setLightBoxes(window.markdeep.format(x, true));
return DOMPurify.sanitize(lib.setLightBoxes(window.markdeep.format(x, true)));
}
});
......
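Review bot: In the `transform` callback, `DOMPurify.sanitize(...)` is rightly the outermost call, but nothing in the code says that this order is required, so a later edit that post-processes the string after sanitizing would quietly undo the protection. I would add a comment above the return, e.g. `// Sanitize last: markdeep and setLightBoxes both emit HTML, so nothing may modify the string after this call.` The call relies on DOMPurify's default allow-list; if the lightbox markup or markdeep output needs anything the defaults drop, permit it through an explicit config object rather than by moving the sanitize call earlier. This covers only text rendered through this helper, so any other place that renders card content as HTML (not visible in this hunk) needs the same treatment.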