BSA-US / world-of-jackson


Rich/markup text in description #21

Closed GrigoryGraborenko closed 4 years ago

GrigoryGraborenko commented 4 years ago

Ability to insert HTML into the text for tour node descriptions. This will allow us to add quotes, links to further reading, images, all sorts of other nice stuff. Try to avoid React's dangerouslySetInnerHTML - there might be security concerns around creating script tags.

desmukh commented 4 years ago

I'll take a crack at this if no one else is on it? I was thinking of implementing either the Interweave React plugin, or the react-markdown plugin (if we want to use markdown rather than plain HTML).

Let me know if anyone has a better/different solution in mind, or any other advice?

GrigoryGraborenko commented 4 years ago

Hey, sorry, should have replied earlier! We actually partially solved this already - we used https://www.npmjs.com/package/sanitize-html in conjunction with React's dangerouslySetInnerHTML.

melnyczuk commented 4 years ago

Hi 👋 Is this still open? I'm happy to pick it up! Using dangerouslySetInnerHTML poses an XSS security vulnerability, so we should err against it.

GrigoryGraborenko commented 4 years ago

Thanks! If you can find a better library for this, please, go ahead and try and solve this without dangerouslySetInnerHTML. I was hoping that using the sanitation lib, which strips out
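
The approach discussed in this thread (sanitize-html feeding dangerouslySetInnerHTML) depends on the allowlist passed to the sanitizer. The component below is an added example, not code from the world-of-jackson repository; the names `DESCRIPTION_POLICY`, `sanitizeDescription` and `TourNodeDescription`, the chosen tag list and the sample string are assumptions.

```jsx
import React from "react";
import sanitizeHtml from "sanitize-html";

// Assumed allowlist for tour node descriptions: quotes, links, images and
// basic text formatting. Anything not listed here is discarded.
const DESCRIPTION_POLICY = {
  allowedTags: ["p", "br", "em", "strong", "blockquote", "ul", "ol", "li", "a", "img"],
  allowedAttributes: {
    // rel and target are listed so the values forced by transformTags survive.
    a: ["href", "title", "rel", "target"],
    img: ["src", "alt", "width", "height"],
  },
  // Only these URL schemes are kept in href/src; javascript: and data: are dropped.
  allowedSchemes: ["http", "https", "mailto"],
  allowedSchemesByTag: { img: ["http", "https"] },
  allowProtocolRelative: false,
  // Force safe link behaviour regardless of what the description author wrote.
  transformTags: {
    a: sanitizeHtml.simpleTransform("a", { rel: "noopener noreferrer", target: "_blank" }),
  },
};

// Constructed sample description. The quote, link text and image are kept;
// the <script> element, the onerror handler and the javascript: URL are removed.
export const SAMPLE_DESCRIPTION =
  '<blockquote>A quote</blockquote>' +
  '<a href="https://example.org/reading">Further reading</a>' +
  '<a href="javascript:alert(1)">bad link</a>' +
  '<img src="https://example.org/map.png" alt="Map" onerror="alert(1)">' +
  '<script>alert(1)</script>';

// Sanitize in one place so every render path goes through the same policy.
export function sanitizeDescription(html) {
  return sanitizeHtml(typeof html === "string" ? html : "", DESCRIPTION_POLICY);
}

// The only component that touches dangerouslySetInnerHTML, and it only ever
// receives sanitizer output, never the raw description.
export function TourNodeDescription({ html }) {
  const clean = React.useMemo(() => sanitizeDescription(html), [html]);
  return <div className="tour-node-description" dangerouslySetInnerHTML={{ __html: clean }} />;
}
```

Keeping the sanitizer call inside the one component that uses dangerouslySetInnerHTML makes it easy to confirm in review that no unsanitized string reaches the DOM.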