web/flows: use dompurify for footer links (#11773)

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2024-10-23 11:15:23 +02:00
parent 12dbdfaf66
commit a5a26a50c6
4 changed files with 91 additions and 15 deletions
--- a/web/src/common/purify.ts
+++ b/web/src/common/purify.ts
@ -0,0 +1,17 @@
+import DOMPurify from "dompurify";
+
+import { render } from "@lit-labs/ssr";
+import { collectResult } from "@lit-labs/ssr/lib/render-result.js";
+import { TemplateResult, html } from "lit";
+import { unsafeHTML } from "lit/directives/unsafe-html.js";
+import { until } from "lit/directives/until.js";
+
+export function purify(input: TemplateResult): TemplateResult {
+    return html`${until(
+        (async () => {
+            const rendered = await collectResult(render(input));
+            const purified = DOMPurify.sanitize(rendered);
+            return html`${unsafeHTML(purified)}`;
+        })(),
+    )}`;
+}