Typically dangerouslySetInnerHTML is to be avoided, but by using Marked we need it. Before this PR, the HTML resulting from Marked is too permissive, so this PR introduces DOMPurify to sanitize it before rendering it for the user. This makes DOMPurify a new dependency for the organizations plugin.
Testing Instructions
Test by attempting to put unsafe markup into an organization description. Any unsafe markup should not render.
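The before/after pattern this PR describes, as an added illustration rather than the plugin's own code; the component names, the `marked` named import, and the HTML-only DOMPurify profile are assumptions:

```jsx
import React from "react";
import { marked } from "marked";
import DOMPurify from "dompurify";

// Before this PR: Marked output is handed straight to React. Markdown allows
// raw HTML to pass through, so an organization description carrying a script
// element, an event-handler attribute or a javascript: URL renders unchanged.
function UnsafeOrganizationDescription({ markdown }) {
  const html = marked.parse(markdown);
  return <div dangerouslySetInnerHTML={{ __html: html }} />;
}

// After this PR: the same HTML is sanitized before it reaches the DOM.
// Ordinary formatting (headings, lists, links, emphasis) survives; active
// content is dropped. Assumption: restricting to the HTML profile keeps
// SVG and MathML out of descriptions, which this plugin does not need.
function renderDescriptionHtml(markdown) {
  const rawHtml = marked.parse(markdown);
  return DOMPurify.sanitize(rawHtml, { USE_PROFILES: { html: true } });
}

function OrganizationDescription({ markdown }) {
  const html = renderDescriptionHtml(markdown);
  return <div dangerouslySetInnerHTML={{ __html: html }} />;
}

export { OrganizationDescription, renderDescriptionHtml };
```

For the manual test in the instructions, compare the rendered description with the output of `renderDescriptionHtml` in the browser console: any element or attribute that DOMPurify strips should be absent from the page.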
Dev Checklist
[x] I have performed a self-review of my own code
[x] I have commented my code, particularly in hard-to-understand areas
[ ] I have made corresponding changes to the documentation
[x] My changes generate no new warnings
[ ] I have added tests that prove my fix is effective or that my feature works
[x] New and existing unit tests pass locally with my changes
[ ] Integration tests have been run and fully pass (only when preparing a release)
[x] I have run the code quality script against the codebase (also done implicitly during a build)
Update organizations to 2.1.12