Update from to-markdown to turndown
We got a security alert for a regular expression DoS attack on our used library `to-markdown`. After checking `to-markdown` to be maintained or not, it turned out they renamed the library to `turndown`. So upgrading to `turndown` should fix this vulnerbility. References: https://www.npmjs.com/package/to-markdown https://github.com/domchristie/turndown/wiki/Migrating-from-to-markdown-to-Turndown Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
This commit is contained in:
parent
2323d203b4
commit
33774c11b9
2 changed files with 8 additions and 3 deletions
|
@ -123,8 +123,8 @@
|
||||||
"store": "^2.0.12",
|
"store": "^2.0.12",
|
||||||
"string": "^3.3.3",
|
"string": "^3.3.3",
|
||||||
"tedious": "^1.14.0",
|
"tedious": "^1.14.0",
|
||||||
"to-markdown": "^3.0.3",
|
|
||||||
"toobusy-js": "^0.5.1",
|
"toobusy-js": "^0.5.1",
|
||||||
|
"turndown": "^5.0.1",
|
||||||
"uuid": "^3.1.0",
|
"uuid": "^3.1.0",
|
||||||
"validator": "^10.4.0",
|
"validator": "^10.4.0",
|
||||||
"velocity-animate": "^1.4.0",
|
"velocity-animate": "^1.4.0",
|
||||||
|
|
|
@ -12,7 +12,7 @@ require('../css/site.css')
|
||||||
|
|
||||||
require('highlight.js/styles/github-gist.css')
|
require('highlight.js/styles/github-gist.css')
|
||||||
|
|
||||||
import toMarkdown from 'to-markdown'
|
import TurndownService from 'turndown'
|
||||||
|
|
||||||
import { saveAs } from 'file-saver'
|
import { saveAs } from 'file-saver'
|
||||||
import randomColor from 'randomcolor'
|
import randomColor from 'randomcolor'
|
||||||
|
@ -1498,7 +1498,12 @@ $('#snippetExportModalConfirm').click(function () {
|
||||||
})
|
})
|
||||||
|
|
||||||
function parseToEditor (data) {
|
function parseToEditor (data) {
|
||||||
var parsed = toMarkdown(data)
|
var turndownService = new TurndownService({
|
||||||
|
defaultReplacement: function (innerHTML, node) {
|
||||||
|
return node.isBlock ? '\n\n' + node.outerHTML + '\n\n' : node.outerHTML
|
||||||
|
}
|
||||||
|
})
|
||||||
|
var parsed = turndownService.turndown(data)
|
||||||
if (parsed) { replaceAll(parsed) }
|
if (parsed) { replaceAll(parsed) }
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
Loading…
Reference in a new issue