Merge commit from fork

* Sanitize markdown when rendering notes fields * Update helpers.py * Update mixins.py * format * format * Allow horizontal rule in markdown * Display returned error mesage * More instructive error msg * Specify output_format to markdown.markdown Ref: https://python-markdown.github.io/reference/markdown/serializers/ * Cleanup * Adjust allowable markdown tags * Add unit test for malicious markdown XSS --------- Co-authored-by: Matthias Mair <code@mjmair.com>
2025-10-31 21:25:42 +00:00 · 2024-10-07 08:57:47 +11:00
parent a323bf0007
commit 846b17aa1d
10 changed files with 122 additions and 7 deletions
--- a/src/frontend/yarn.lock
+++ b/src/frontend/yarn.lock
@@ -2578,6 +2578,11 @@ dom-helpers@^5.0.1:
    "@babel/runtime" "^7.8.7"
    csstype "^3.0.2"

+dompurify@^3.1.7:
+  version "3.1.7"
+  resolved "https://registry.yarnpkg.com/dompurify/-/dompurify-3.1.7.tgz#711a8c96479fb6ced93453732c160c3c72418a6a"
+  integrity sha512-VaTstWtsneJY8xzy7DekmYWEOZcmzIe3Qb3zPd4STve1OBTa+e+WmS1ITQec1fZYXI3HCsOZZiSMpG6oxoWMWQ==
+
 easymde@^2.18.0:
  version "2.18.0"
  resolved "https://registry.yarnpkg.com/easymde/-/easymde-2.18.0.tgz#ff1397d07329b1a7b9187d2d0c20766fa16b3b1b"