fix: isomorphic dompurify #8301

M. Palanikannan 2025-12-10 19:51:11 +05:30 committed by GitHub
parent 67dfe91890
commit 76ebf395e6
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
5 changed files with 393 additions and 14 deletions


@ -66,6 +66,7 @@
"emoji-regex": "^10.3.0",
"highlight.js": "^11.8.0",
"is-emoji-supported": "^0.0.5",
"isomorphic-dompurify": "^1.8.0",
"jsx-dom-cjs": "^8.0.3",
"linkifyjs": "^4.3.2",
"lowlight": "^3.0.0",


@ -11,7 +11,7 @@ import {
DocumentEditorExtensionsWithoutProps,
} from "@/extensions/core-without-props";
import { TitleExtensions } from "@/extensions/title-extension";
import { sanitizeHTML } from "@plane/utils";
import DOMPurify from "isomorphic-dompurify";
// editor extension configs
const RICH_TEXT_EDITOR_EXTENSIONS = CoreEditorExtensionsWithoutProps;
@ -207,8 +207,9 @@ export const convertHTMLDocumentToAllFormats = (args: TConvertHTMLDocumentToAllF
};
export const extractTextFromHTML = (html: string): string => {
// Use sanitizeHTML to safely extract text and remove all HTML tags
// Use DOMPurify to safely extract text and remove all HTML tags
// This is more secure than regex as it handles edge cases and prevents injection
// Note: sanitizeHTML trims whitespace, which is acceptable for title extraction
return sanitizeHTML(html) || "";
const sanitizedText = DOMPurify.sanitize(html, { ALLOWED_TAGS: [] }); // sanitize the string to remove all HTML tags
return sanitizedText.trim() || ""; // trim the string to remove leading and trailing whitespaces
};
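Review bot: The string returned by `return sanitizedText.trim() || "";` in `extractTextFromHTML` is still HTML-serialized text rather than plain text. With `ALLOWED_TAGS: []` DOMPurify drops the markup but returns the remaining text nodes in serialized form, so a title containing `&` or `<` comes back as `&amp;` or `&lt;`. Whether the replaced `sanitizeHTML` helper behaved the same way is not visible on this page. I would state the contract in the comment, for example `// Returns HTML-escaped text (entities stay encoded); sanitize again if a caller decodes it and inserts it as HTML`, in place of the two end-of-line comments that restate the code. The `|| ""` fallback is also redundant, since `trim()` always returns a string.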