diff --git a/client/web/package.json b/client/web/package.json
index 5ac7526e..e840b9f3 100644
--- a/client/web/package.json
+++ b/client/web/package.json
@@ -72,6 +72,7 @@
 "react-virtualized-auto-sizer": "^1.0.7",
 "react-virtuoso": "^4.4.0",
 "rehype-raw": "^6.1.1",
+ "rehype-sanitize": "^6.0.0",
 "remark-gfm": "^3.0.1",
 "socket.io-client": "^4.6.1",
 "source-ref-runtime": "^1.0.7",
diff --git a/client/web/src/components/Markdown/render.tsx b/client/web/src/components/Markdown/render.tsx
index 86aa43fb..ec0d23b7 100644
--- a/client/web/src/components/Markdown/render.tsx
+++ b/client/web/src/components/Markdown/render.tsx
@@ -4,8 +4,8 @@ import { isValidStr, parseUrlStr, useTranslation } from 'tailchat-shared';
 import { Loadable } from '../Loadable';
 import { Image } from 'tailchat-design';
 import remarkGfm from 'remark-gfm';
-// import rehypeRaw from 'rehype-raw';
-// import rehypeSanitize from 'rehype-sanitize';
+import rehypeRaw from 'rehype-raw';
+import rehypeSanitize from 'rehype-sanitize';
 import './render.less';
 // eslint-disable-next-line @typescript-eslint/ban-ts-comment
@@ -82,7 +82,7 @@ export const Markdown: React.FC<{
 transformImageUri={(src) => transformUrl(src)}
 transformLinkUri={(href) => transformUrl(href)}
 remarkPlugins={[remarkGfm]}
- // rehypePlugins={[rehypeRaw, rehypeSanitize]}
+ rehypePlugins={[rehypeRaw, rehypeSanitize]}
 linkTarget="_blank"
 skipHtml={true}
 components={components}
diff --git a/pnpm-lock.yaml b/pnpm-lock.yaml
index 4f7941ee..ae6045c4 100644
--- a/pnpm-lock.yaml
+++ b/pnpm-lock.yaml
@@ -755,6 +755,9 @@ importers: rehype-raw: specifier: ^6.1.1 version: 6.1.1 + rehype-sanitize: + specifier: ^6.0.0 + version: 6.0.0 remark-gfm: specifier: ^3.0.1 version: 3.0.1
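Review bot: The added `"rehype-sanitize": "^6.0.0"` looks like it belongs to a newer hast generation than the `"rehype-raw": "^6.1.1"` it will be chained after. The lockfile part of this commit resolves it to `hast-util-sanitize` 5.0.2 and `@types/hast` 3.0.4, while an existing hast utility next to it still resolves `@types/hast` 2.3.4. That may well work at runtime, but this package appears to become the only filter on user-supplied HTML, so I would either align it with the release line the rest of the pipeline uses or confirm the combination with a rendering test before relying on it. Installs should also go through `pnpm install --frozen-lockfile` so the caret range cannot float the sanitizer to an unreviewed release.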
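Review bot: In the second render.tsx hunk, `skipHtml={true}` is left in place next to the new `rehypePlugins={[rehypeRaw, rehypeSanitize]}`, and the two now say opposite things. As far as I know, in the react-markdown generation that still has `transformLinkUri` and `linkTarget`, `skipHtml` only drops `raw` nodes that survive to render time, and `rehypeRaw` turns them into elements before that, so HTML typed into a message is now rendered and the default `rehypeSanitize` schema is the only filter on it. Either drop `skipHtml` and add a comment such as `// raw HTML is parsed by rehypeRaw; rehypeSanitize must stay last in this array`, or keep HTML disabled and leave `rehypeRaw` out. A render test with a message containing a `<script>` element, an `onerror` attribute and a `javascript:` href would pin what the sanitizer is expected to strip. The `Markdown` component starts and ends outside this hunk.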
@@ -12245,6 +12248,12 @@ packages: dependencies: '@types/unist': 3.0.0 + /@types/hast@3.0.4: + resolution: {integrity: sha512-WPs+bbQw5aCj+x6laNGWLH3wviHtoCv/P3+otBhbOhJgG8qtpdAMlTCxLtsTWA7LH1Oh/bFCHsBn0TPS5m30EQ==} + dependencies: + '@types/unist': 3.0.0 + dev: false + /@types/history@4.7.11: resolution: {integrity: sha512-qjDJRrmvBMiTx+jyLxvLfJU7UznFuokDv4f3WRuriHKERccVpFU+8XMQUAbDzoiJCsmexxRExQeMwwCdamSKDA==} @@ -13146,6 +13155,10 @@ packages: eslint-visitor-keys: 3.3.0 dev: true + /@ungap/structured-clone@1.2.1: + resolution: {integrity: sha512-fEzPV3hSkSMltkw152tJKNARhOupqbH96MZWyRjNaYZOMIzbrTeQDG+MTc6Mr2pgzFQzFxAfmhGDNP5QK++2ZA==} + dev: false + /@use-gesture/core@10.2.24: resolution: {integrity: sha512-ZL7F9mgOn3Qlnp6QLI9jaOfcvqrx6JPE/BkdVSd8imveaFTm/a3udoO6f5Us/1XtqnL4347PsIiK6AtCvMHk2Q==} dev: false @@ -19273,7 +19286,7 @@ packages: dependencies: loader-utils: 2.0.4 schema-utils: 3.1.1 - webpack: 5.75.0(esbuild@0.15.18) + webpack: 5.75.0(esbuild@0.12.29)(webpack-cli@4.10.0) /file-system-cache@1.1.0: resolution: {integrity: sha512-IzF5MBq+5CR0jXx5RxPe4BICl/oEhBSXKaL9fLhAXrIfIUS77Hr4vzrYyqYMHN6uTt+BOqi3fDCTjjEBCjERKw==} @@ -20548,6 +20561,14 @@ packages: '@types/hast': 2.3.4 dev: false + /hast-util-sanitize@5.0.2: + resolution: {integrity: sha512-3yTWghByc50aGS7JlGhk61SPenfE/p1oaFeNwkOOyrscaOkMGrcW9+Cy/QAIOBpZxP1yqDIzFMR0+Np0i0+usg==} + dependencies: + '@types/hast': 3.0.4 + '@ungap/structured-clone': 1.2.1 + unist-util-position: 5.0.0 + dev: false + /hast-util-to-html@8.0.4: resolution: {integrity: sha512-4tpQTUOr9BMjtYyNlt0P50mH7xj0Ks2xpo8M943Vykljf99HW6EzulIoJP1N3eKOSScEHzyzi9dm7/cn0RfGwA==} dependencies: @@ -23224,7 +23245,7 @@ packages: dependencies: klona: 2.0.6 less: 4.1.3 - webpack: 5.75.0(esbuild@0.15.18) + webpack: 5.75.0(esbuild@0.12.29)(webpack-cli@4.10.0) /less@3.13.1: resolution: {integrity: sha512-SwA1aQXGUvp+P5XdZslUOhhLnClSLIjWvJhmd+Vgib5BFIr9lMNlQwmwUNOjXThF/A0x+MCYYPeWEfeWiLRnTw==} 
@@ -30055,6 +30076,13 @@ packages: unified: 10.1.2 dev: false + /rehype-sanitize@6.0.0: + resolution: {integrity: sha512-CsnhKNsyI8Tub6L4sm5ZFsme4puGfc6pYylvXo1AeqaGbjOYyzNv3qZPwvs0oMJ39eryyeOdmxwUIo94IpEhqg==} + dependencies: + '@types/hast': 3.0.4 + hast-util-sanitize: 5.0.2 + dev: false + /rehype-stringify@9.0.3: resolution: {integrity: sha512-kWiZ1bgyWlgOxpqD5HnxShKAdXtb2IUljn3hQAhySeak6IOQPPt6DeGnsIh4ixm7yKJWzm8TXFuC/lPfcWHJqw==} dependencies: @@ -33698,6 +33726,12 @@ packages: '@types/unist': 2.0.6 dev: false + /unist-util-position@5.0.0: + resolution: {integrity: sha512-fucsC7HjXvkB5R3kTCO7kUjRdrS0BJt3M/FPxmHMBOm8JQi2BsHAHFsy27E0EolP8rp0NzXsJ+jNPyDWvOJZPA==} + dependencies: + '@types/unist': 3.0.0 + dev: false + /unist-util-remove-position@2.0.1: resolution: {integrity: sha512-fDZsLYIe2uT+oGFnuZmy73K6ZxOPG/Qcm+w7jbEjaFcJgbQ6cqjs/eSPzXhsmGpAsWPkqZM9pYjww5QTn3LHMA==} dependencies: @@ -33938,7 +33972,7 @@ packages: loader-utils: 2.0.4 mime-types: 2.1.35 schema-utils: 3.1.1 - webpack: 5.75.0(esbuild@0.15.18) + webpack: 5.75.0(esbuild@0.12.29)(webpack-cli@4.10.0) /url-parse@1.5.10: resolution: {integrity: sha512-WypcfiRhfeUP9vvF0j6rw0J3hrWrw6iZv3+22h6iRMJ/8z1Tj6XfLP4DsUix5MhMPnXpiHDoKyoZ/bdCkwBCiQ==} @@ -34597,7 +34631,7 @@ packages: mime-types: 2.1.35 range-parser: 1.2.1 schema-utils: 4.0.0 - webpack: 5.75.0(esbuild@0.15.18) + webpack: 5.75.0(esbuild@0.12.29)(webpack-cli@4.10.0) /webpack-dev-server@4.11.1(webpack-cli@4.10.0)(webpack@5.75.0): resolution: {integrity: sha512-lILVz9tAUy1zGFwieuaQtYiadImb5M3d+H+L1zDYalYoDl0cksAB1UNyuE5MMWJrG6zR1tXkCP2fitl7yoUJiw==}