
Commit 78e0025

authored
Improve sanitization of model output (#1341)
* Improve sanitization of model output * make it compatible with SSR * fix formatting issues
1 parent df67a2c commit 78e0025


4 files changed

+270
-15
lines changed


package-lock.json

Lines changed: 256 additions & 9 deletions

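--- a/package.json
+++ b/package.json
@@ -22,6 +22,7 @@
 "@sveltejs/adapter-node": "^1.3.1",
 "@sveltejs/kit": "^1.30.4",
 "@tailwindcss/typography": "^0.5.9",
+"@types/dompurify": "^3.0.5",
 "@types/express": "^4.17.21",
 "@types/js-yaml": "^4.0.9",
 "@types/jsdom": "^21.1.1",
@@ -31,9 +32,11 @@
 "@types/uuid": "^9.0.8",
 "@typescript-eslint/eslint-plugin": "^6.x",
 "@typescript-eslint/parser": "^6.x",
+"dompurify": "^3.1.6",
 "eslint": "^8.28.0",
 "eslint-config-prettier": "^8.5.0",
 "eslint-plugin-svelte": "^2.30.0",
+"isomorphic-dompurify": "^2.13.0",
 "js-yaml": "^4.1.0",
 "minimist": "^1.2.8",
 "prettier": "^2.8.0",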
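Review bot: The second hunk adds both `"dompurify": "^3.1.6"` and `"isomorphic-dompurify": "^2.13.0"`, while the only visible consumer (CodeBlock.svelte in this commit) imports `isomorphic-dompurify`, which pulls in `dompurify` itself. If the direct `dompurify` entry is only there so `@types/dompurify` resolves, a short comment in the PR description saying so would help the next person auditing dependencies; if it is not needed, dropping it avoids two independently pinned copies of the sanitizer, which makes future security updates to DOMPurify easier to track. Whether anything else in the repository imports `dompurify` directly cannot be seen from this page.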

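--- a/src/lib/components/CodeBlock.svelte
+++ b/src/lib/components/CodeBlock.svelte
@@ -1,6 +1,7 @@
 <script lang="ts">
 import { afterUpdate } from "svelte";
 import CopyToClipBoardBtn from "./CopyToClipBoardBtn.svelte";
+import DOMPurify from "isomorphic-dompurify";
 
 export let code = "";
 export let lang = "";
@@ -19,8 +20,9 @@
 <!-- eslint-disable svelte/no-at-html-tags -->
 <pre
 class="scrollbar-custom overflow-auto px-5 scrollbar-thumb-gray-500 hover:scrollbar-thumb-gray-400 dark:scrollbar-thumb-white/10 dark:hover:scrollbar-thumb-white/20"><code
-class="language-{lang}">{@html highlightedCode || code.replaceAll("<", "&lt;")}</code
-></pre>
+class="language-{lang}"
+>{@html DOMPurify.sanitize(highlightedCode || code.replaceAll("<", "&lt;"))}
+</code></pre>
 <CopyToClipBoardBtn
 classNames="absolute top-2 right-2 invisible opacity-0 group-hover:visible group-hover:opacity-100"
 value={code}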
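Review bot: The `DOMPurify.sanitize(...)` call in the second hunk uses the default profile, which still permits a broad set of HTML tags and attributes, whereas the only markup a syntax highlighter needs inside `<code>` is `<span class="...">`; if `highlightedCode` is produced by highlight.js or similar (its definition is outside this hunk), restricting the call to that shape, `DOMPurify.sanitize(html, { ALLOWED_TAGS: ["span"], ALLOWED_ATTR: ["class"] })`, makes the sanitizer's contract match what the component actually renders and is easier to reason about in review. Separately, the fallback branch `code.replaceAll("<", "&lt;")` escapes only `<`, so model output containing entity-like text such as `&amp;` is decoded by `{@html}` and displays differently from the raw code; escaping `&` first, `code.replaceAll("&", "&amp;").replaceAll("<", "&lt;")`, keeps the unhighlighted path faithful. Note also that the new layout puts a line break between the `{@html ...}` expression and `</code>`, which inside a `<pre>` may render as a trailing blank line; worth checking visually since the commit message mentions formatting fixes.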
