Fix severe vulnerability in case of a malicious Piped/YouTube server.

2025-12-26 06:30:21 +00:00 · 2021-06-07 00:42:03 +05:30
parent 20ddaab9e3
commit acf81f386f
5 changed files with 19 additions and 6 deletions
--- a/src/main.js
+++ b/src/main.js
@@ -11,6 +11,8 @@ import("uikit/dist/js/uikit-core.min");
 import router from "@/router/router";
 import App from "./App.vue";

+import DOMPurify from 'dompurify';
+
 import("./registerServiceWorker");

 const mixin = {
@@ -58,6 +60,9 @@ const mixin = {
                return response.json();
            });
        },
+        purifyHTML(original) {
+            return DOMPurify.sanitize(original);
+        }
    },
 };