Actually sanitize rendered Markdown

author: Kit La Touche <kit@transneptune.net> 2024-11-02 15:35:17 -0400
committer: Kit La Touche <kit@transneptune.net> 2024-11-02 15:35:17 -0400
commit: a5a293558592cf53bf6bdde44e793dd6ab243837 (patch)
tree: bc2f0f0b28be7cb9e93f64022798bd93ddd9133f /ui/lib/components/Message.svelte
parent: a32b0ab6ad7995b8fff98e423793a7c6521ea1e9 (diff)
1 files changed, 5 insertions, 2 deletions
diff --git a/ui/lib/components/Message.svelte b/ui/lib/components/Message.svelte
index 75e4cc9..c9dd301 100644
--- a/ui/lib/components/Message.svelte
+++ b/ui/lib/components/Message.svelte
@@ -1,9 +1,12 @@
 <script>
-    import SvelteMarkdown from 'svelte-markdown';
+    import { marked } from 'marked';
+    import DOMPurify from 'dompurify';
 
     export let at;
     export let body;
 
+    let renderedBody = DOMPurify.sanitize(marked.parse(body));
+
     let scroll = (message) => {
         message.scrollIntoView();
     }
@@ -12,7 +15,7 @@
 <div class="message relative">
     <span class="timestamp chip variant-soft absolute top-0 right-0">{at}</span>
     <section use:scroll class="py-1">
-        <SvelteMarkdown source={body} />
+        {@html renderedBody}
     </section>
 </div>
author	Kit La Touche <kit@transneptune.net>	2024-11-02 15:35:17 -0400
committer	Kit La Touche <kit@transneptune.net>	2024-11-02 15:35:17 -0400
commit	a5a293558592cf53bf6bdde44e793dd6ab243837 (patch)
tree	bc2f0f0b28be7cb9e93f64022798bd93ddd9133f /ui/lib/components/Message.svelte
parent	a32b0ab6ad7995b8fff98e423793a7c6521ea1e9 (diff)