🔒️ Fix tiptap url CVE (#1459)

Manuel
2023-10-09 21:29:41 +02:00
committed by GitHub
parent 2b5e2094fa
commit f3f4f23718


@@ -5,12 +5,12 @@ import { IconEdit, IconEditOff } from '@tabler/icons-react';
import { BubbleMenu, useEditor } from '@tiptap/react'; import { BubbleMenu, useEditor } from '@tiptap/react';
import StarterKit from '@tiptap/starter-kit'; import StarterKit from '@tiptap/starter-kit';
import { useState } from 'react'; import { useState } from 'react';
import { useEditModeStore } from '~/components/Dashboard/Views/useEditModeStore';
import { useConfigContext } from '~/config/provider';
import { useConfigStore } from '~/config/store'; import { useConfigStore } from '~/config/store';
import { useColorTheme } from '~/tools/color'; import { useColorTheme } from '~/tools/color';
import { api } from '~/utils/api'; import { api } from '~/utils/api';
import { useEditModeStore } from '~/components/Dashboard/Views/useEditModeStore';
import { useConfigContext } from '~/config/provider';
import { WidgetLoading } from '../loading'; import { WidgetLoading } from '../loading';
import { INotebookWidget } from './NotebookWidgetTile'; import { INotebookWidget } from './NotebookWidgetTile';
@@ -33,7 +33,14 @@ export function Editor({ widget }: { widget: INotebookWidget }) {
const [debouncedContent] = useDebouncedValue(content, 500); const [debouncedContent] = useDebouncedValue(content, 500);
const editor = useEditor({ const editor = useEditor({
extensions: [StarterKit, Link], extensions: [
StarterKit,
Link.configure({
validate(url) {
return /^https?:\/\//.test(url);
},
}),
],
content, content,
editable: false, editable: false,
onUpdate: (e) => { onUpdate: (e) => {