feat: make HTML attribute sanitization stricter (#8977)

* feat: make HTML attribute sanitization stricter

* fix double escape
David Luzar 2025-01-05 21:45:04 +01:00 committed by GitHub
parent c84babf574
commit b63689c230
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
5 changed files with 32 additions and 12 deletions


@ -1,7 +1,11 @@
import { register } from "../actions/register";
import { FONT_FAMILY, VERTICAL_ALIGN } from "../constants";
import type { ExcalidrawProps } from "../types";
import { getFontString, updateActiveTool } from "../utils";
import {
getFontString,
sanitizeHTMLAttribute,
updateActiveTool,
} from "../utils";
import { setCursorForShape } from "../cursor";
import { newTextElement } from "./newElement";
import { wrapText } from "./textWrapping";
@ -11,7 +15,6 @@ import type {
ExcalidrawIframeLikeElement,
IframeData,
} from "./types";
import { sanitizeHTMLAttribute } from "../data/url";
import type { MarkRequired } from "../utility-types";
import { StoreAction } from "../store";