habsi/authentik
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

web/admin: add strict dompurify config for diagram (#11783)

Browse Source 
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
This commit is contained in:
Jens L.
2024-10-23 19:42:54 +02:00
committed by GitHub
parent 40c7fefd96
commit da73d4f784
2 changed files with 7 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
web/src/common/purify.ts
View File

@ -6,6 +6,10 @@ import { TemplateResult, html } from "lit";
import { unsafeHTML } from "lit/directives/unsafe-html.js"; import { unsafeHTML } from "lit/directives/unsafe-html.js";
import { until } from "lit/directives/until.js"; import { until } from "lit/directives/until.js";
export const DOM_PURIFY_STRICT: DOMPurify.Config = {
ALLOWED_TAGS: ["#text"],
};
export function purify(input: TemplateResult): TemplateResult { export function purify(input: TemplateResult): TemplateResult {
return html`${until( return html`${until(
(async () => { (async () => {

3
web/src/elements/Diagram.ts
View File

@ -1,4 +1,5 @@
import { EVENT_REFRESH, EVENT_THEME_CHANGE } from "@goauthentik/common/constants"; import { EVENT_REFRESH, EVENT_THEME_CHANGE } from "@goauthentik/common/constants";
import { DOM_PURIFY_STRICT } from "@goauthentik/common/purify";
import { AKElement } from "@goauthentik/elements/Base"; import { AKElement } from "@goauthentik/elements/Base";
import "@goauthentik/elements/EmptyState"; import "@goauthentik/elements/EmptyState";
import mermaid, { MermaidConfig } from "mermaid"; import mermaid, { MermaidConfig } from "mermaid";
@ -47,6 +48,8 @@ export class Diagram extends AKElement {
curve: "linear", curve: "linear",
}, },
htmlLabels: false, htmlLabels: false,
securityLevel: "strict",
dompurifyConfig: DOM_PURIFY_STRICT,
}; };
mermaid.initialize(this.config); mermaid.initialize(this.config);
} }