Ryan/Reactive-Resume
1
0
Fork 0
mirror of https://github.com/AmruthPillai/Reactive-Resume.git synced 2025-11-13 08:13:49 +10:00
Code Issues Packages Projects Releases Wiki Activity

sanitize all user inputs, fix #2172

Browse Source
This commit is contained in:
Amruth Pillai
2025-01-24 23:53:45 +01:00
parent 308a8e3ae3
commit c7ae0e94d7
29 changed files with 190 additions and 99 deletions
Download Patch File Download Diff File Expand all files Collapse all files

15
apps/artboard/src/templates/nosepass.tsx
View File

@ -18,6 +18,7 @@ import { Education, Experience, Volunteer } from "@reactive-resume/schema";
import { cn, isEmptyString, isUrl } from "@reactive-resume/utils";
import get from "lodash.get";
import { Fragment } from "react";
import sanitizeHtml from "sanitize-html";
import { BrandIcon } from "../components/brand-icon";
import { Picture } from "../components/picture";
@ -105,9 +106,9 @@ const Summary = () => {
</div>
<div
dangerouslySetInnerHTML={{ __html: section.content }}
className="wysiwyg"
dangerouslySetInnerHTML={{ __html: sanitizeHtml(section.content) }}
style={{ columns: section.columns }}
className="wysiwyg"
/>
</div>
</section>
@ -217,7 +218,10 @@ const Section = <T,>({
{url !== undefined && section.separateLinks && <Link url={url} />}
{summary !== undefined && !isEmptyString(summary) && (
<div dangerouslySetInnerHTML={{ __html: summary }} className="wysiwyg" />
<div
dangerouslySetInnerHTML={{ __html: sanitizeHtml(summary) }}
className="wysiwyg"
/>
)}
{keywords !== undefined && keywords.length > 0 && (
@ -252,7 +256,10 @@ const Section = <T,>({
{url !== undefined && section.separateLinks && <Link url={url} />}
{summary !== undefined && !isEmptyString(summary) && (
<div dangerouslySetInnerHTML={{ __html: summary }} className="wysiwyg" />
<div
dangerouslySetInnerHTML={{ __html: sanitizeHtml(summary) }}
className="wysiwyg"
/>
)}
{keywords !== undefined && keywords.length > 0 && (