sanitize markup

frontend/components/global/DetailsSection/DetailsSection.vue

@@ -33,11 +33,11 @@
 </template>
 
 <script setup lang="ts">
-  import type { CustomDetail, Detail } from "./types";
+  import type { AnyDetail, Detail } from "./types";
 
   defineProps({
     details: {
-      type: Object as () => (Detail | CustomDetail)[],
+      type: Object as () => (Detail | AnyDetail)[],
       required: true,
     },
   });

frontend/components/global/Markdown.vue

@@ -1,5 +1,6 @@
 <script setup lang="ts">
   import MarkdownIt from "markdown-it";
+  import DOMPurify from 'dompurify';
 
   type Props = {
     source: string;
@@ -13,8 +14,10 @@
     typographer: true,
   });
 
+
   const raw = computed(() => {
-    return md.render(props.source);
+    const html = md.render(props.source);
+    return DOMPurify.sanitize(html);
   });
 </script>
 

frontend/package.json

@@ -37,6 +37,7 @@
     "@vueuse/nuxt": "^9.1.1",
     "autoprefixer": "^10.4.8",
     "daisyui": "^2.24.0",
+    "dompurify": "^2.4.1",
     "markdown-it": "^13.0.1",
     "pinia": "^2.0.21",
     "postcss": "^8.4.16",

frontend/pnpm-lock.yaml

@@ -14,6 +14,7 @@ specifiers:
   '@vueuse/nuxt': ^9.1.1
   autoprefixer: ^10.4.8
   daisyui: ^2.24.0
+  dompurify: ^2.4.1
   eslint: ^8.23.0
   eslint-config-prettier: ^8.5.0
   eslint-plugin-prettier: ^4.2.1
@@ -40,6 +41,7 @@ dependencies:
   '@vueuse/nuxt': 9.6.0_34m4vklv7wytvv7hkkggjs6mui
   autoprefixer: 10.4.13_postcss@8.4.19
   daisyui: 2.42.1_2lwn2upnx27dqeg6hqdu7sq75m
+  dompurify: 2.4.1
   markdown-it: 13.0.1
   pinia: 2.0.27_mgnvym7yiazkylwwogi5r767ue
   postcss: 8.4.19
@@ -2244,6 +2246,10 @@ packages:
     dependencies:
       domelementtype: 2.3.0
 
+  /dompurify/2.4.1:
+    resolution: {integrity: sha512-ewwFzHzrrneRjxzmK6oVz/rZn9VWspGFRDb4/rRtIsM1n36t9AKma/ye8syCpcw+XJ25kOK/hOG7t1j2I2yBqA==}
+    dev: false
+
   /domutils/2.8.0:
     resolution: {integrity: sha512-w96Cjofp72M5IIhpjgobBimYEfoPjx1Vx0BSX9P30WBdZW2WIKU0T1Bd0kz2eNZ9ikjKgHbEyKx8BB6H1L3h3A==}
     dependencies: