security: Use commonmarkjs with {safe: true} as intended.

This commit is contained in:
Cory McWilliams 2024-11-12 20:43:03 -05:00
parent 9b00b41a1e
commit 559504ae29
13 changed files with 19 additions and 19 deletions

View File

@ -1,5 +1,5 @@
{ {
"type": "tildefriends-app", "type": "tildefriends-app",
"emoji": "📜", "emoji": "📜",
"previous": "&miGORZ8BwjHg2YO0t4bms6SI28XWPYqnqOZ8u9zsbZc=.sha256" "previous": "&BEf0nraBdHk/+PWqx6tOSu5rheWVaxaL7orAOz3285M=.sha256"
} }

View File

@ -21,7 +21,7 @@ function* treeify(prefix, o) {
function markdown(md) { function markdown(md) {
let parsed = new commonmark.Parser().parse(md ?? '*undocumented*'); let parsed = new commonmark.Parser().parse(md ?? '*undocumented*');
return new commonmark.HtmlRenderer().render(parsed); return new commonmark.HtmlRenderer({safe: true}).render(parsed);
} }
function document(api) { function document(api) {

View File

@ -1,5 +1,5 @@
{ {
"type": "tildefriends-app", "type": "tildefriends-app",
"emoji": "🪵", "emoji": "🪵",
"previous": "&TIrBnpN3iz3O9L9MCCteAcVJZjA83EKdcfu4SCM76VE=.sha256" "previous": "&3jabNEk6W2uolzTvfXX6fcWF50N3501vtgZ6ZxFVJ1s=.sha256"
} }

View File

@ -52,8 +52,8 @@ export async function get_blog_message(id) {
} }
export function markdown(md) { export function markdown(md) {
let reader = new commonmark.Parser({safe: true}); let reader = new commonmark.Parser();
let writer = new commonmark.HtmlRenderer(); let writer = new commonmark.HtmlRenderer({safe: true});
let parsed = reader.parse(md || ''); let parsed = reader.parse(md || '');
let walker = parsed.walker(); let walker = parsed.walker();
let event, node; let event, node;

View File

@ -1,5 +1,5 @@
{ {
"type": "tildefriends-app", "type": "tildefriends-app",
"emoji": "🦟", "emoji": "🦟",
"previous": "&cUqvSDUls3jn0haD85LPFAGdkc8wFuy347TtATNcJgg=.sha256" "previous": "&4QfQjoCbdmCRu0nIBdOFiHBydYlDyyXrWqve6ELAmKA=.sha256"
} }

View File

@ -61,8 +61,8 @@ function image(node, entering) {
} }
export function markdown(md) { export function markdown(md) {
var reader = new commonmark.Parser({safe: true}); var reader = new commonmark.Parser();
var writer = new commonmark.HtmlRenderer(); var writer = new commonmark.HtmlRenderer({safe: true});
writer.image = image; writer.image = image;
var parsed = reader.parse(md || ''); var parsed = reader.parse(md || '');
parsed = linkify.transform(parsed); parsed = linkify.transform(parsed);

View File

@ -1,5 +1,5 @@
{ {
"type": "tildefriends-app", "type": "tildefriends-app",
"emoji": "📝", "emoji": "📝",
"previous": "&b//KqE4Vx6kOSBRODK1p/8wjOLKZJ+CBB5IkaBt5YsM=.sha256" "previous": "&5LpOTEnor/rYFk3axyfmmehAoq9aEwNQRH4jwNhRQ7o=.sha256"
} }

View File

@ -18,8 +18,8 @@ class TfJournalEntryElement extends LitElement {
} }
markdown(md) { markdown(md) {
var reader = new commonmark.Parser({safe: true}); var reader = new commonmark.Parser();
var writer = new commonmark.HtmlRenderer(); var writer = new commonmark.HtmlRenderer({safe: true});
var parsed = reader.parse(md || ''); var parsed = reader.parse(md || '');
return writer.render(parsed); return writer.render(parsed);
} }

View File

@ -1,5 +1,5 @@
{ {
"type": "tildefriends-app", "type": "tildefriends-app",
"emoji": "🐌", "emoji": "🐌",
"previous": "&+UZSxjoucLAl5r/nfRNu5KXx3K/PdutGnizL/Cn2eCU=.sha256" "previous": "&GDAJLaMKjeSXooWgpbw7G/40hgtRT1mYVK2twtEhWHA=.sha256"
} }

View File

@ -81,8 +81,8 @@ function attrs(node) {
} }
export function markdown(md) { export function markdown(md) {
let reader = new commonmark.Parser({safe: true}); let reader = new commonmark.Parser();
let writer = new commonmark.HtmlRenderer(); let writer = new commonmark.HtmlRenderer({safe: true});
writer.image = image; writer.image = image;
writer.code = code; writer.code = code;
writer.attrs = attrs; writer.attrs = attrs;

View File

@ -1,5 +1,5 @@
{ {
"type": "tildefriends-app", "type": "tildefriends-app",
"emoji": "📝", "emoji": "📝",
"previous": "&DaYqKHRBKhjFGaOzbKZ1+/pLspJeEkDJYTF2B50tH6k=.sha256" "previous": "&4F4D8+QlJVaxXywChQrNTdSV4Y3TvJ0xxqdq/i9HUWA=.sha256"
} }

View File

@ -2,8 +2,8 @@ import * as utils from './utils.js';
import * as commonmark from './commonmark.min.js'; import * as commonmark from './commonmark.min.js';
function markdown(md) { function markdown(md) {
let reader = new commonmark.Parser({safe: true}); let reader = new commonmark.Parser();
let writer = new commonmark.HtmlRenderer(); let writer = new commonmark.HtmlRenderer({safe: true});
let parsed = reader.parse(md || ''); let parsed = reader.parse(md || '');
let walker = parsed.walker(); let walker = parsed.walker();
let event; let event;

View File

@ -20,8 +20,8 @@ class TfWikiDocElement extends LitElement {
} }
markdown(md) { markdown(md) {
let reader = new commonmark.Parser({safe: true}); let reader = new commonmark.Parser();
let writer = new commonmark.HtmlRenderer(); let writer = new commonmark.HtmlRenderer({safe: true});
let parsed = reader.parse(md || ''); let parsed = reader.parse(md || '');
let walker = parsed.walker(); let walker = parsed.walker();
let event; let event;