Sanitize plugin docs content (#2900)

2025-10-22 13:42:51 +00:00 · 2023-12-02 14:48:26 +01:00
parent de5855b706
commit 1caccdc977
3 changed files with 495 additions and 7 deletions
--- a/docs/plugins/woodpecker-plugins/package.json
+++ b/docs/plugins/woodpecker-plugins/package.json
@@ -28,6 +28,7 @@
  },
  "dependencies": {
    "fuse.js": "^7.0.0",
+    "isomorphic-dompurify": "^1.11.0",
    "yaml": "^2.3.1"
  }
 }
--- a/docs/plugins/woodpecker-plugins/src/markdown.ts
+++ b/docs/plugins/woodpecker-plugins/src/markdown.ts
@@ -1,3 +1,4 @@
+import DOMPurify from 'isomorphic-dompurify';
 import { marked } from 'marked';
 import { parse as YAMLParse } from 'yaml';

@@ -23,5 +24,5 @@ export function getContent(data: string): string {
  if (!content) {
    throw new Error("Can't get the content");
  }
-  return marked(content) as string;
+  return DOMPurify.sanitize(marked(content) as string);
 }