Fix potential null deref when sanitizing html
This commit is contained in:
parent
1c2359550d
commit
e35ad32c09
4 changed files with 18 additions and 16 deletions
|
@ -55,8 +55,8 @@ You can override this by setting properties on the config object (the second arg
|
||||||
* **isSetHTMLSanitized**: `Boolean`
|
* **isSetHTMLSanitized**: `Boolean`
|
||||||
Should the HTML passed via calls to `setHTML` be passed to the sanitizer? If your app always sanitizes the HTML in some other way before calling this, you may wish to set this to `false` to avoid the overhead.
|
Should the HTML passed via calls to `setHTML` be passed to the sanitizer? If your app always sanitizes the HTML in some other way before calling this, you may wish to set this to `false` to avoid the overhead.
|
||||||
* **isInsertedHTMLSanitized**: `Boolean` (defaults to `true`) – Should the HTML passed via calls to `insertHTML` be passed to the sanitizer? This includes when the user pastes from the clipboard. Since you cannot control what other apps put on the clipboard, it is highly recommended you do not set this to `false`.
|
* **isInsertedHTMLSanitized**: `Boolean` (defaults to `true`) – Should the HTML passed via calls to `insertHTML` be passed to the sanitizer? This includes when the user pastes from the clipboard. Since you cannot control what other apps put on the clipboard, it is highly recommended you do not set this to `false`.
|
||||||
* **sanitizeToDOMFragment**: `(html: String, isPaste: Boolean) -> DOMFragment`
|
* **sanitizeToDOMFragment**: `(html: String, isPaste: Boolean, self: Squire) -> DOMFragment`
|
||||||
A custom sanitization function. This will be called instead of the default call to DOMPurify to sanitize the potentially dangerous HTML. It is passed two arguments: the first is the string of HTML, the second is a boolean indicating if this content has come from the clipboard, rather than an explicit call by your own code. It must return a DOM Fragment node belonging to the same document as the editor's root node, with the contents being clean DOM nodes to set/insert.
|
A custom sanitization function. This will be called instead of the default call to DOMPurify to sanitize the potentially dangerous HTML. It is passed three arguments: the first is the string of HTML, the second is a boolean indicating if this content has come from the clipboard, rather than an explicit call by your own code, the third is the squire instance. It must return a DOM Fragment node belonging to the same document as the editor's root node, with the contents being clean DOM nodes to set/insert.
|
||||||
|
|
||||||
Advanced usage
|
Advanced usage
|
||||||
--------------
|
--------------
|
||||||
|
|
|
@ -2561,13 +2561,14 @@ function Squire ( root, config ) {
|
||||||
|
|
||||||
var proto = Squire.prototype;
|
var proto = Squire.prototype;
|
||||||
|
|
||||||
var sanitizeToDOMFragment = function ( html/*, isPaste*/ ) {
|
var sanitizeToDOMFragment = function ( html, isPaste, self ) {
|
||||||
var frag = DOMPurify.sanitize( html, {
|
var doc = self._doc;
|
||||||
|
var frag = html ? DOMPurify.sanitize( html, {
|
||||||
WHOLE_DOCUMENT: false,
|
WHOLE_DOCUMENT: false,
|
||||||
RETURN_DOM: true,
|
RETURN_DOM: true,
|
||||||
RETURN_DOM_FRAGMENT: true
|
RETURN_DOM_FRAGMENT: true
|
||||||
});
|
}) : null;
|
||||||
return doc.importNode( frag, true );
|
return frag ? doc.importNode( frag, true ) : doc.createDocumentFragment();
|
||||||
};
|
};
|
||||||
|
|
||||||
proto.setConfig = function ( config ) {
|
proto.setConfig = function ( config ) {
|
||||||
|
@ -3994,7 +3995,7 @@ proto.setHTML = function ( html ) {
|
||||||
|
|
||||||
// Parse HTML into DOM tree
|
// Parse HTML into DOM tree
|
||||||
if ( typeof sanitizeToDOMFragment === 'function' ) {
|
if ( typeof sanitizeToDOMFragment === 'function' ) {
|
||||||
frag = sanitizeToDOMFragment( html, false );
|
frag = sanitizeToDOMFragment( html, false, this );
|
||||||
} else {
|
} else {
|
||||||
div = this.createElement( 'DIV' );
|
div = this.createElement( 'DIV' );
|
||||||
div.innerHTML = html;
|
div.innerHTML = html;
|
||||||
|
@ -4147,7 +4148,7 @@ proto.insertHTML = function ( html, isPaste ) {
|
||||||
// including the full <head> of the page. Need to strip this out. If
|
// including the full <head> of the page. Need to strip this out. If
|
||||||
// available use DOMPurify to parse and sanitise.
|
// available use DOMPurify to parse and sanitise.
|
||||||
if ( typeof sanitizeToDOMFragment === 'function' ) {
|
if ( typeof sanitizeToDOMFragment === 'function' ) {
|
||||||
frag = sanitizeToDOMFragment( html, isPaste );
|
frag = sanitizeToDOMFragment( html, isPaste, this );
|
||||||
} else {
|
} else {
|
||||||
if ( isPaste ) {
|
if ( isPaste ) {
|
||||||
startFragmentIndex = html.indexOf( '<!--StartFragment-->' );
|
startFragmentIndex = html.indexOf( '<!--StartFragment-->' );
|
||||||
|
|
|
@ -149,13 +149,14 @@ function Squire ( root, config ) {
|
||||||
|
|
||||||
var proto = Squire.prototype;
|
var proto = Squire.prototype;
|
||||||
|
|
||||||
var sanitizeToDOMFragment = function ( html/*, isPaste*/ ) {
|
var sanitizeToDOMFragment = function ( html, isPaste, self ) {
|
||||||
var frag = DOMPurify.sanitize( html, {
|
var doc = self._doc;
|
||||||
|
var frag = html ? DOMPurify.sanitize( html, {
|
||||||
WHOLE_DOCUMENT: false,
|
WHOLE_DOCUMENT: false,
|
||||||
RETURN_DOM: true,
|
RETURN_DOM: true,
|
||||||
RETURN_DOM_FRAGMENT: true
|
RETURN_DOM_FRAGMENT: true
|
||||||
});
|
}) : null;
|
||||||
return doc.importNode( frag, true );
|
return frag ? doc.importNode( frag, true ) : doc.createDocumentFragment();
|
||||||
};
|
};
|
||||||
|
|
||||||
proto.setConfig = function ( config ) {
|
proto.setConfig = function ( config ) {
|
||||||
|
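Review bot: The new default sanitizer dereferences `self._doc` unconditionally on the `var doc = self._doc;` line, so anyone still invoking it with the previously documented two-argument form `sanitizeToDOMFragment( html, isPaste )` now throws a TypeError before DOMPurify ever runs; the two call sites changed in this commit do pass `this`, but the README hunk turns `self` into a public parameter of the hook, so a cheap guard such as `var doc = self ? self._doc : document;` (or an explicit `throw new Error( 'sanitizeToDOMFragment: editor instance required' )`) would fail clearly instead of with a null dereference, which is the very class of bug the commit title targets. The `html ?` shortcut is also a truthiness test rather than a string test, so a truthy non-string (a Node, a number) is handed straight to DOMPurify, which stringifies it; `typeof html === 'string' && html` keeps the fast path only for the empty-string case this change is presumably aimed at. The `frag ? … : doc.createDocumentFragment()` fallback is the right fail-closed direction — nothing is inserted when DOMPurify hands back `null` — but it is indistinguishable from "input was empty", so record the intent on that line, e.g. `// DOMPurify returns null (not a fragment) with RETURN_DOM when it cannot produce a body; substitute an empty fragment so setHTML/insertHTML fail closed rather than crash`. Note that `isPaste` is still unused by the default implementation, so clipboard and programmatic HTML receive the identical DOMPurify configuration; if that is deliberate, say so in a comment rather than leaving the parameter named but ignored. The identical function appears earlier in this diff in what looks like the concatenated build output, so the same guard applies there once the build is regenerated.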
@ -1582,7 +1583,7 @@ proto.setHTML = function ( html ) {
|
||||||
|
|
||||||
// Parse HTML into DOM tree
|
// Parse HTML into DOM tree
|
||||||
if ( typeof sanitizeToDOMFragment === 'function' ) {
|
if ( typeof sanitizeToDOMFragment === 'function' ) {
|
||||||
frag = sanitizeToDOMFragment( html, false );
|
frag = sanitizeToDOMFragment( html, false, this );
|
||||||
} else {
|
} else {
|
||||||
div = this.createElement( 'DIV' );
|
div = this.createElement( 'DIV' );
|
||||||
div.innerHTML = html;
|
div.innerHTML = html;
|
||||||
|
@ -1735,7 +1736,7 @@ proto.insertHTML = function ( html, isPaste ) {
|
||||||
// including the full <head> of the page. Need to strip this out. If
|
// including the full <head> of the page. Need to strip this out. If
|
||||||
// available use DOMPurify to parse and sanitise.
|
// available use DOMPurify to parse and sanitise.
|
||||||
if ( typeof sanitizeToDOMFragment === 'function' ) {
|
if ( typeof sanitizeToDOMFragment === 'function' ) {
|
||||||
frag = sanitizeToDOMFragment( html, isPaste );
|
frag = sanitizeToDOMFragment( html, isPaste, this );
|
||||||
} else {
|
} else {
|
||||||
if ( isPaste ) {
|
if ( isPaste ) {
|
||||||
startFragmentIndex = html.indexOf( '<!--StartFragment-->' );
|
startFragmentIndex = html.indexOf( '<!--StartFragment-->' );
|
||||||
|
|