Closed monodyle closed 3 years ago
Resolve #32
Changed in this PR: Sanitize content before passing it to dangerouslySetInnerHTML.
Referring to my comment https://github.com/webuild-community/federated-blog/issues/32#issuecomment-868979128, dangerouslySetInnerHTML can create a serious vulnerability, such as a bad man stealing a user's cookies, or an XSS worm.
So I used dompurify to sanitize the most common cases of XSS attacks to protect the content.
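An added example, not the code from this PR or from the federated-blog project, showing one way to sanitize untrusted HTML with DOMPurify before it reaches dangerouslySetInnerHTML. The component name `PostBody`, its `html` prop and the `SANITIZE_CONFIG` allow-list are hypothetical, and the code assumes the `react` and `dompurify` npm packages running in a browser (DOMPurify needs a DOM, so this is not for server-side rendering as written).

```jsx
// Added example: hypothetical component, not the project's own code.
import { useMemo } from 'react';
import DOMPurify from 'dompurify';

// Hypothetical policy for third-party post content: HTML only,
// no inline styling and no forms that could phish the reader.
const SANITIZE_CONFIG = {
  USE_PROFILES: { html: true },   // drop SVG and MathML entirely
  FORBID_TAGS: ['style', 'form'],
  FORBID_ATTR: ['style'],
};

// Runs after DOMPurify has cleaned each element's attributes.
// Links in untrusted content open in a new tab without giving the
// target page a handle on window.opener.
DOMPurify.addHook('afterSanitizeAttributes', (node) => {
  if (node.tagName === 'A' && node.hasAttribute('href')) {
    node.setAttribute('target', '_blank');
    node.setAttribute('rel', 'noopener noreferrer');
  }
});

export function PostBody({ html }) {
  // Sanitize once per content change, not on every render.
  // Script elements, on* event handlers and javascript: URLs are
  // removed by DOMPurify's defaults before React inserts the markup.
  const clean = useMemo(
    () => DOMPurify.sanitize(html ?? '', SANITIZE_CONFIG),
    [html]
  );

  // Only the sanitized string is ever handed to dangerouslySetInnerHTML.
  return <article dangerouslySetInnerHTML={{ __html: clean }} />;
}
```

Keeping the sanitize call inside the one component that uses dangerouslySetInnerHTML means no caller can pass raw feed content around it.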