fix xss issue aka: creations/profilePage#3, update depends change how activities display, remove readme title,

creations 2025-04-06 20:59:38 -04:00
parent 6a502d030d
commit c79ee2b203
Signed by: creations
GPG key ID: 8F553AA4320FC711
6 changed files with 270 additions and 127 deletions


@ -1,5 +1,6 @@
import { lanyardConfig } from "@config/environment";
import { fetch } from "bun";
import DOMPurify from "isomorphic-dompurify";
import { marked } from "marked";
export async function getLanyardData(id?: string): Promise<LanyardResponse> {
@ -85,7 +86,10 @@ export async function handleReadMe(data: LanyardData): Promise<string | null> {
const text: string = await res.text();
if (!text || text.length < 10) return null;
return marked.parse(text);
const html: string | null = await marked.parse(text);
const safe: string | null = DOMPurify.sanitize(html);
return safe;
} catch {
return null;
}
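Review bot: In handleReadMe, the new `DOMPurify.sanitize(html)` call uses the library's default allow-list, which stops script execution but, as far as I know, still passes `<style>`, `<form>`/`<input>`, `style` attributes and remote `<img>`, so README content from an untrusted source could still alter the page's appearance or embed form controls. If the README is user-controlled, I would pass an explicit configuration, for example `DOMPurify.sanitize(html, { USE_PROFILES: { html: true }, FORBID_TAGS: ["style", "form", "input", "button"], FORBID_ATTR: ["style"] })`. The `string | null` annotations on `html` and `safe` are also misleading, since neither `marked.parse` nor `sanitize` returns null; plain `string` states the actual contract. The function body starts outside this hunk, so the fetch and the missing upper bound on `text.length` above these lines are not covered by this note.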