jprdonnelly/redash
1
0
Fork 0
mirror of https://github.com/getredash/redash.git synced 2026-03-21 16:00:09 -04:00
Code Issues Projects Releases Wiki Activity
Files
release-script
redash/client/app/services/sanitize.js
Gabriel Dutra 32b41e4112 Misc frontend changes from internal fork (#5143)
2020-09-04 08:00:30 -03:00

24 lines
640 B
JavaScript
Raw Permalink Blame History

import { isString } from "lodash";
import DOMPurify from "dompurify";
DOMPurify.setConfig({
ADD_ATTR: ["target"],
});
DOMPurify.addHook("afterSanitizeAttributes", function(node) {
// Fix elements with `target` attribute:
// - allow only `target="_blank"
// - add `rel="noopener noreferrer"` to prevent https://www.owasp.org/index.php/Reverse_Tabnabbing
const target = node.getAttribute("target");
if (isString(target) && target.toLowerCase() === "_blank") {
node.setAttribute("rel", "noopener noreferrer");
} else {
node.removeAttribute("target");
}
});
export { DOMPurify };
export default DOMPurify.sanitize;
Reference in New Issue View Git Blame Copy Permalink