From 1ad2b32d18f3a8ea7b49dffe014277eee2acf64a Mon Sep 17 00:00:00 2001
From: Hayden <64056131+hay-kot@users.noreply.github.com>
Date: Fri, 2 Dec 2022 15:57:02 -0900
Subject: [PATCH] sanitize markup

---
 .../components/global/DetailsSection/DetailsSection.vue     | 4 ++--
 frontend/components/global/Markdown.vue                     | 5 ++++-
 frontend/package.json                                       | 1 +
 frontend/pnpm-lock.yaml                                     | 6 ++++++
 4 files changed, 13 insertions(+), 3 deletions(-)

diff --git a/frontend/components/global/DetailsSection/DetailsSection.vue b/frontend/components/global/DetailsSection/DetailsSection.vue
index d1a135f..40b6cd1 100644
--- a/frontend/components/global/DetailsSection/DetailsSection.vue
+++ b/frontend/components/global/DetailsSection/DetailsSection.vue
@@ -33,11 +33,11 @@
 </template>
 
 <script setup lang="ts">
-  import type { CustomDetail, Detail } from "./types";
+  import type { AnyDetail, Detail } from "./types";
 
   defineProps({
     details: {
-      type: Object as () => (Detail | CustomDetail)[],
+      type: Object as () => (Detail | AnyDetail)[],
       required: true,
     },
   });
diff --git a/frontend/components/global/Markdown.vue b/frontend/components/global/Markdown.vue
index 1a08baf..c197051 100644
--- a/frontend/components/global/Markdown.vue
+++ b/frontend/components/global/Markdown.vue
@@ -1,5 +1,6 @@
 <script setup lang="ts">
   import MarkdownIt from "markdown-it";
+  import DOMPurify from 'dompurify';
 
   type Props = {
     source: string;
@@ -13,8 +14,10 @@
     typographer: true,
   });
 
+
   const raw = computed(() => {
-    return md.render(props.source);
+    const html = md.render(props.source);
+    return DOMPurify.sanitize(html);
   });
 </script>
 
diff --git a/frontend/package.json b/frontend/package.json
index b7b0516..a06db47 100644
--- a/frontend/package.json
+++ b/frontend/package.json
@@ -37,6 +37,7 @@
     "@vueuse/nuxt": "^9.1.1",
     "autoprefixer": "^10.4.8",
     "daisyui": "^2.24.0",
+    "dompurify": "^2.4.1",
     "markdown-it": "^13.0.1",
     "pinia": "^2.0.21",
     "postcss": "^8.4.16",
diff --git a/frontend/pnpm-lock.yaml b/frontend/pnpm-lock.yaml
index d5fca82..fc11122 100644
--- a/frontend/pnpm-lock.yaml
+++ b/frontend/pnpm-lock.yaml
@@ -14,6 +14,7 @@ specifiers:
   '@vueuse/nuxt': ^9.1.1
   autoprefixer: ^10.4.8
   daisyui: ^2.24.0
+  dompurify: ^2.4.1
   eslint: ^8.23.0
   eslint-config-prettier: ^8.5.0
   eslint-plugin-prettier: ^4.2.1
@@ -40,6 +41,7 @@ dependencies:
   '@vueuse/nuxt': 9.6.0_34m4vklv7wytvv7hkkggjs6mui
   autoprefixer: 10.4.13_postcss@8.4.19
   daisyui: 2.42.1_2lwn2upnx27dqeg6hqdu7sq75m
+  dompurify: 2.4.1
   markdown-it: 13.0.1
   pinia: 2.0.27_mgnvym7yiazkylwwogi5r767ue
   postcss: 8.4.19
@@ -2244,6 +2246,10 @@ packages:
     dependencies:
       domelementtype: 2.3.0
 
+  /dompurify/2.4.1:
+    resolution: {integrity: sha512-ewwFzHzrrneRjxzmK6oVz/rZn9VWspGFRDb4/rRtIsM1n36t9AKma/ye8syCpcw+XJ25kOK/hOG7t1j2I2yBqA==}
+    dev: false
+
   /domutils/2.8.0:
     resolution: {integrity: sha512-w96Cjofp72M5IIhpjgobBimYEfoPjx1Vx0BSX9P30WBdZW2WIKU0T1Bd0kz2eNZ9ikjKgHbEyKx8BB6H1L3h3A==}
     dependencies: