iop
/
superset
4
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

filter out markdown containing XSS (#9163)

This commit is contained in:
ʈᵃᵢ 2020-02-19 01:44:45 -08:00 committed by GitHub
parent 9f5f8e5d92
commit 3e73c81b25
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 151 additions and 59 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

200
superset-frontend/package-lock.json generated
View File

@ -4970,11 +4970,6 @@
} }
} }
}, },
"@types/unist": {
"version": "2.0.2",
"resolved": "https://registry.npmjs.org/@types/unist/-/unist-2.0.2.tgz",
"integrity": "sha512-iHI60IbyfQilNubmxsq4zqSjdynlmc2Q/QvH9kjzg9+CCYVVzq1O6tc7VBzSygIwnmOt07w80IG6HDQvjv3Liw=="
},
"@types/webpack": { "@types/webpack": {
"version": "4.39.1", "version": "4.39.1",
"resolved": "https://registry.npmjs.org/@types/webpack/-/webpack-4.39.1.tgz", "resolved": "https://registry.npmjs.org/@types/webpack/-/webpack-4.39.1.tgz",
@ -6667,9 +6662,9 @@
} }
}, },
"bail": { "bail": {
"version": "1.0.3", "version": "1.0.5",
"resolved": "https://registry.npmjs.org/bail/-/bail-1.0.3.tgz", "resolved": "https://registry.npmjs.org/bail/-/bail-1.0.5.tgz",
"integrity": "sha512-1X8CnjFVQ+a+KW36uBNMTU5s8+v5FzeqrP7hTG5aTb4aPreSbZJlhwPon9VKMuEVgV++JM+SQrALY3kr7eswdg==" "integrity": "sha512-xFbRxM1tahm08yHBP16MMjVUAvDaBMD38zsM9EMAUN61omwLmKlOpB/Zku5QkjZ8TZ4vn53pj+t518cH0S03RQ=="
}, },
"balanced-match": { "balanced-match": {
"version": "1.0.0", "version": "1.0.0",
@ -8262,9 +8257,9 @@
"dev": true "dev": true
}, },
"collapse-white-space": { "collapse-white-space": {
"version": "1.0.4", "version": "1.0.6",
"resolved": "https://registry.npmjs.org/collapse-white-space/-/collapse-white-space-1.0.4.tgz", "resolved": "https://registry.npmjs.org/collapse-white-space/-/collapse-white-space-1.0.6.tgz",
"integrity": "sha512-YfQ1tAUZm561vpYD+5eyWN8+UsceQbSrqqlc/6zDY2gtAE+uZLSdkkovhnGpmCThsvKBFakq4EdY/FF93E8XIw==" "integrity": "sha512-jEovNnrhMuqyCcjfEJA56v0Xq8SkIoPKDyaHahwo3POf4qcSXqMYuwNcOTzp74vTsR9Tn08z4MxWqAhcekogkQ=="
}, },
"collection-visit": { "collection-visit": {
"version": "1.0.0", "version": "1.0.0",
@ -13187,6 +13182,67 @@
"integrity": "sha1-DfKTUfByEWNRXfueVUPl9u7VFi8=", "integrity": "sha1-DfKTUfByEWNRXfueVUPl9u7VFi8=",
"dev": true "dev": true
}, },
"html-to-react": {
"version": "1.4.2",
"resolved": "https://registry.npmjs.org/html-to-react/-/html-to-react-1.4.2.tgz",
"integrity": "sha512-TdTfxd95sRCo6QL8admCkE7mvNNrXtGoVr1dyS+7uvc8XCqAymnf/6ckclvnVbQNUo2Nh21VPwtfEHd0khiV7g==",
"requires": {
"domhandler": "^3.0",
"htmlparser2": "^4.0",
"lodash.camelcase": "^4.3.0",
"ramda": "^0.26"
},
"dependencies": {
"dom-serializer": {
"version": "0.2.2",
"resolved": "https://registry.npmjs.org/dom-serializer/-/dom-serializer-0.2.2.tgz",
"integrity": "sha512-2/xPb3ORsQ42nHYiSunXkDjPLBaEj/xTwUO4B7XCZQTRk7EBtTOPaygh10YAAh2OI1Qrp6NWfpAhzswj0ydt9g==",
"requires": {
"domelementtype": "^2.0.1",
"entities": "^2.0.0"
}
},
"domelementtype": {
"version": "2.0.1",
"resolved": "https://registry.npmjs.org/domelementtype/-/domelementtype-2.0.1.tgz",
"integrity": "sha512-5HOHUDsYZWV8FGWN0Njbr/Rn7f/eWSQi1v7+HsUVwXgn8nWWlL64zKDkS0n8ZmQ3mlWOMuXOnR+7Nx/5tMO5AQ=="
},
"domhandler": {
"version": "3.0.0",
"resolved": "https://registry.npmjs.org/domhandler/-/domhandler-3.0.0.tgz",
"integrity": "sha512-eKLdI5v9m67kbXQbJSNn1zjh0SDzvzWVWtX+qEI3eMjZw8daH9k8rlj1FZY9memPwjiskQFbe7vHVVJIAqoEhw==",
"requires": {
"domelementtype": "^2.0.1"
}
},
"domutils": {
"version": "2.0.0",
"resolved": "https://registry.npmjs.org/domutils/-/domutils-2.0.0.tgz",
"integrity": "sha512-n5SelJ1axbO636c2yUtOGia/IcJtVtlhQbFiVDBZHKV5ReJO1ViX7sFEemtuyoAnBxk5meNSYgA8V4s0271efg==",
"requires": {
"dom-serializer": "^0.2.1",
"domelementtype": "^2.0.1",
"domhandler": "^3.0.0"
}
},
"entities": {
"version": "2.0.0",
"resolved": "https://registry.npmjs.org/entities/-/entities-2.0.0.tgz",
"integrity": "sha512-D9f7V0JSRwIxlRI2mjMqufDrRDnx8p+eEOz7aUM9SuvF8gsBzra0/6tbjl1m8eQHrZlYj6PxqE00hZ1SAIKPLw=="
},
"htmlparser2": {
"version": "4.0.0",
"resolved": "https://registry.npmjs.org/htmlparser2/-/htmlparser2-4.0.0.tgz",
"integrity": "sha512-cChwXn5Vam57fyXajDtPXL1wTYc8JtLbr2TN76FYu05itVVVealxLowe2B3IEznJG4p9HAYn/0tJaRlGuEglFQ==",
"requires": {
"domelementtype": "^2.0.1",
"domhandler": "^3.0.0",
"domutils": "^2.0.0",
"entities": "^2.0.0"
}
}
}
},
"htmlparser2": { "htmlparser2": {
"version": "3.10.1", "version": "3.10.1",
"resolved": "https://registry.npmjs.org/htmlparser2/-/htmlparser2-3.10.1.tgz", "resolved": "https://registry.npmjs.org/htmlparser2/-/htmlparser2-3.10.1.tgz",
@ -14429,9 +14485,9 @@
"integrity": "sha1-5HnICFjfDBsR3dppQPlgEfzaSpo=" "integrity": "sha1-5HnICFjfDBsR3dppQPlgEfzaSpo="
}, },
"is-whitespace-character": { "is-whitespace-character": {
"version": "1.0.2", "version": "1.0.4",
"resolved": "https://registry.npmjs.org/is-whitespace-character/-/is-whitespace-character-1.0.2.tgz", "resolved": "https://registry.npmjs.org/is-whitespace-character/-/is-whitespace-character-1.0.4.tgz",
"integrity": "sha512-SzM+T5GKUCtLhlHFKt2SDAX2RFzfS6joT91F2/WSi9LxgFdsnhfPK/UIA+JhRR2xuyLdrCys2PiFDrtn1fU5hQ==" "integrity": "sha512-SDweEzfIZM0SJV0EUga669UTKlmL0Pq8Lno0QDQsPnvECB3IM2aP0gdx5TrU0A01MAPfViaZiI2V1QMZLaKK5w=="
}, },
"is-windows": { "is-windows": {
"version": "0.1.1", "version": "0.1.1",
@ -14439,9 +14495,9 @@
"integrity": "sha1-vjEHFUMc+rzMVKs5USEPoLbQGr4=" "integrity": "sha1-vjEHFUMc+rzMVKs5USEPoLbQGr4="
}, },
"is-word-character": { "is-word-character": {
"version": "1.0.2", "version": "1.0.4",
"resolved": "https://registry.npmjs.org/is-word-character/-/is-word-character-1.0.2.tgz", "resolved": "https://registry.npmjs.org/is-word-character/-/is-word-character-1.0.4.tgz",
"integrity": "sha512-T3FlsX8rCHAH8e7RE7PfOPZVFQlcV3XRF9eOOBQ1uf70OxO7CjjSOjeImMPCADBdYWcStAbVbYvJ1m2D3tb+EA==" "integrity": "sha512-5SMO8RVennx3nZrqtKwCGyyetPE9VDba5ugvKLaD4KopPG5kR4mQ7tNt/r7feL5yt5h3lpuBbIUmCOG2eSzXHA=="
}, },
"is-wsl": { "is-wsl": {
"version": "1.1.0", "version": "1.1.0",
@ -16690,6 +16746,11 @@
"resolved": "https://registry.npmjs.org/lodash-es/-/lodash-es-4.17.15.tgz", "resolved": "https://registry.npmjs.org/lodash-es/-/lodash-es-4.17.15.tgz",
"integrity": "sha512-rlrc3yU3+JNOpZ9zj5pQtxnx2THmvRykwL4Xlxoa8I9lHBlVbbyPhgyPMioxVZ4NqyxaVVtaJnzsyOidQIhyyQ==" "integrity": "sha512-rlrc3yU3+JNOpZ9zj5pQtxnx2THmvRykwL4Xlxoa8I9lHBlVbbyPhgyPMioxVZ4NqyxaVVtaJnzsyOidQIhyyQ=="
}, },
"lodash.camelcase": {
"version": "4.3.0",
"resolved": "https://registry.npmjs.org/lodash.camelcase/-/lodash.camelcase-4.3.0.tgz",
"integrity": "sha1-soqmKIorn8ZRA1x3EfZathkDMaY="
},
"lodash.curry": { "lodash.curry": {
"version": "4.1.1", "version": "4.1.1",
"resolved": "https://registry.npmjs.org/lodash.curry/-/lodash.curry-4.1.1.tgz", "resolved": "https://registry.npmjs.org/lodash.curry/-/lodash.curry-4.1.1.tgz",
@ -16972,9 +17033,9 @@
} }
}, },
"markdown-escapes": { "markdown-escapes": {
"version": "1.0.2", "version": "1.0.4",
"resolved": "https://registry.npmjs.org/markdown-escapes/-/markdown-escapes-1.0.2.tgz", "resolved": "https://registry.npmjs.org/markdown-escapes/-/markdown-escapes-1.0.4.tgz",
"integrity": "sha512-lbRZ2mE3Q9RtLjxZBZ9+IMl68DKIXaVAhwvwn9pmjnPLS0h/6kyBMgNhqi1xFJ/2yv6cSyv0jbiZavZv93JkkA==" "integrity": "sha512-8z4efJYk43E0upd0NbVXwgSTQs6cT3T06etieCMEg7dRbzCbxUCK/GHlX8mhHRDcp+OLlHkPKsvqQTCvsRl2cg=="
}, },
"material-colors": { "material-colors": {
"version": "1.2.6", "version": "1.2.6",
@ -20798,6 +20859,11 @@
"integrity": "sha1-635iZ1SN3t+4mcG5Dlc3RVnN234=", "integrity": "sha1-635iZ1SN3t+4mcG5Dlc3RVnN234=",
"dev": true "dev": true
}, },
"ramda": {
"version": "0.26.1",
"resolved": "https://registry.npmjs.org/ramda/-/ramda-0.26.1.tgz",
"integrity": "sha512-hLWjpy7EnsDBb0p+Z3B7rPi3GDeRG5ZtiI33kJhTt+ORCd38AbAIjB/9zRIUoeTbE/AVX5ZkU7m6bznsvrf8eQ=="
},
"randexp": { "randexp": {
"version": "0.4.6", "version": "0.4.6",
"resolved": "https://registry.npmjs.org/randexp/-/randexp-0.4.6.tgz", "resolved": "https://registry.npmjs.org/randexp/-/randexp-0.4.6.tgz",
@ -21218,16 +21284,35 @@
} }
}, },
"react-markdown": { "react-markdown": {
"version": "3.6.0", "version": "4.3.1",
"resolved": "https://registry.npmjs.org/react-markdown/-/react-markdown-3.6.0.tgz", "resolved": "https://registry.npmjs.org/react-markdown/-/react-markdown-4.3.1.tgz",
"integrity": "sha512-TV0wQDHHPCEeKJHWXFfEAKJ8uSEsJ9LgrMERkXx05WV/3q6Ig+59KDNaTmjcoqlCpE/sH5PqqLMh4t0QWKrJ8Q==", "integrity": "sha512-HQlWFTbDxTtNY6bjgp3C3uv1h2xcjCSi1zAEzfBW9OwJJvENSYiLXWNXN5hHLsoqai7RnZiiHzcnWdXk2Splzw==",
"requires": { "requires": {
"html-to-react": "^1.3.4",
"mdast-add-list-metadata": "1.0.1", "mdast-add-list-metadata": "1.0.1",
"prop-types": "^15.6.1", "prop-types": "^15.7.2",
"react-is": "^16.8.6",
"remark-parse": "^5.0.0", "remark-parse": "^5.0.0",
"unified": "^6.1.5", "unified": "^6.1.5",
"unist-util-visit": "^1.3.0", "unist-util-visit": "^1.3.0",
"xtend": "^4.0.1" "xtend": "^4.0.1"
},
"dependencies": {
"prop-types": {
"version": "15.7.2",
"resolved": "https://registry.npmjs.org/prop-types/-/prop-types-15.7.2.tgz",
"integrity": "sha512-8QQikdH7//R2vurIJSutZ1smHYTcLpRWEOlHnzcWHmBYrOGUysKwSsrC89BCiFj3CbrfJ/nXFdJepOVrY1GCHQ==",
"requires": {
"loose-envify": "^1.4.0",
"object-assign": "^4.1.1",
"react-is": "^16.8.1"
}
},
"react-is": {
"version": "16.12.0",
"resolved": "https://registry.npmjs.org/react-is/-/react-is-16.12.0.tgz",
"integrity": "sha512-rPCkf/mWBtKc97aLL9/txD8DZdemK0vkA3JMLShjlJB3Pj3s+lpf1KaBzMfQrAmhMQB0n1cU/SUGgKKBCe837Q=="
}
} }
}, },
"react-move": { "react-move": {
@ -23241,9 +23326,9 @@
"dev": true "dev": true
}, },
"state-toggle": { "state-toggle": {
"version": "1.0.1", "version": "1.0.3",
"resolved": "https://registry.npmjs.org/state-toggle/-/state-toggle-1.0.1.tgz", "resolved": "https://registry.npmjs.org/state-toggle/-/state-toggle-1.0.3.tgz",
"integrity": "sha512-Qe8QntFrrpWTnHwvwj2FZTgv+PKIsp0B9VxLzLLbSpPXWOgRgc5LVj/aTiSfK1RqIeF9jeC1UeOH8Q8y60A7og==" "integrity": "sha512-d/5Z4/2iiCnHw6Xzghyhb+GcmF89bxwgXG60wjIiZaxnymbyOmI8Hk4VqHXiVVp6u2ysaskFfXg3ekCj4WNftQ=="
}, },
"static-eval": { "static-eval": {
"version": "2.0.2", "version": "2.0.2",
@ -24282,14 +24367,14 @@
"integrity": "sha1-yy4SAwZ+DI3h9hQJS5/kVwTqYAM=" "integrity": "sha1-yy4SAwZ+DI3h9hQJS5/kVwTqYAM="
}, },
"trim-trailing-lines": { "trim-trailing-lines": {
"version": "1.1.1", "version": "1.1.3",
"resolved": "https://registry.npmjs.org/trim-trailing-lines/-/trim-trailing-lines-1.1.1.tgz", "resolved": "https://registry.npmjs.org/trim-trailing-lines/-/trim-trailing-lines-1.1.3.tgz",
"integrity": "sha512-bWLv9BbWbbd7mlqqs2oQYnLD/U/ZqeJeJwbO0FG2zA1aTq+HTvxfHNKFa/HGCVyJpDiioUYaBhfiT6rgk+l4mg==" "integrity": "sha512-4ku0mmjXifQcTVfYDfR5lpgV7zVqPg6zV9rdZmwOPqq0+Zq19xDqEgagqVbc4pOOShbncuAOIs59R3+3gcF3ZA=="
}, },
"trough": { "trough": {
"version": "1.0.3", "version": "1.0.5",
"resolved": "https://registry.npmjs.org/trough/-/trough-1.0.3.tgz", "resolved": "https://registry.npmjs.org/trough/-/trough-1.0.5.tgz",
"integrity": "sha512-fwkLWH+DimvA4YCy+/nvJd61nWQQ2liO/nF/RjkTpiOGi+zxZzVkhb1mvbHIIW4b/8nDsYI8uTmAlc0nNkRMOw==" "integrity": "sha512-rvuRbTarPXmMb79SmzEp8aqXNKcK+y0XaB298IXueQ8I2PsrATcPBCSPyK/dDNa2iWOhKlfNnOjdAOTBU/nkFA=="
}, },
"tryer": { "tryer": {
"version": "1.0.1", "version": "1.0.1",
@ -24608,12 +24693,12 @@
"integrity": "sha512-5/4etnCkd9c8gwgowi5/om/mYO5ajCaOgdzj/oW+0eQV9WxKBDZw5+ycmKmeaTXjInS/W0BzpGLo2xR2aBwZdg==" "integrity": "sha512-5/4etnCkd9c8gwgowi5/om/mYO5ajCaOgdzj/oW+0eQV9WxKBDZw5+ycmKmeaTXjInS/W0BzpGLo2xR2aBwZdg=="
}, },
"unherit": { "unherit": {
"version": "1.1.1", "version": "1.1.3",
"resolved": "https://registry.npmjs.org/unherit/-/unherit-1.1.1.tgz", "resolved": "https://registry.npmjs.org/unherit/-/unherit-1.1.3.tgz",
"integrity": "sha512-+XZuV691Cn4zHsK0vkKYwBEwB74T3IZIcxrgn2E4rKwTfFyI1zCh7X7grwh9Re08fdPlarIdyWgI8aVB3F5A5g==", "integrity": "sha512-Ft16BJcnapDKp0+J/rqFC3Rrk6Y/Ng4nzsC028k2jdDII/rdZ7Wd3pPT/6+vIIxRagwRc9K0IUX0Ra4fKvw+WQ==",
"requires": { "requires": {
"inherits": "^2.0.1", "inherits": "^2.0.0",
"xtend": "^4.0.1" "xtend": "^4.0.0"
} }
}, },
"unicode-canonical-property-names-ecmascript": { "unicode-canonical-property-names-ecmascript": {
@ -24700,14 +24785,14 @@
} }
}, },
"unist-util-is": { "unist-util-is": {
"version": "2.1.2", "version": "3.0.0",
"resolved": "https://registry.npmjs.org/unist-util-is/-/unist-util-is-2.1.2.tgz", "resolved": "https://registry.npmjs.org/unist-util-is/-/unist-util-is-3.0.0.tgz",
"integrity": "sha512-YkXBK/H9raAmG7KXck+UUpnKiNmUdB+aBGrknfQ4EreE1banuzrKABx3jP6Z5Z3fMSPMQQmeXBlKpCbMwBkxVw==" "integrity": "sha512-sVZZX3+kspVNmLWBPAB6r+7D9ZgAFPNWm66f7YNb420RlQSbn+n8rG8dGZSkrER7ZIXGQYNm5pqC3v3HopH24A=="
}, },
"unist-util-remove-position": { "unist-util-remove-position": {
"version": "1.1.2", "version": "1.1.4",
"resolved": "https://registry.npmjs.org/unist-util-remove-position/-/unist-util-remove-position-1.1.2.tgz", "resolved": "https://registry.npmjs.org/unist-util-remove-position/-/unist-util-remove-position-1.1.4.tgz",
"integrity": "sha512-XxoNOBvq1WXRKXxgnSYbtCF76TJrRoe5++pD4cCBsssSiWSnPEktyFrFLE8LTk3JW5mt9hB0Sk5zn4x/JeWY7Q==", "integrity": "sha512-tLqd653ArxJIPnKII6LMZwH+mb5q+n/GtXQZo6S6csPRs5zB0u79Yw8ouR3wTw8wxvdJFhpP6Y7jorWdCgLO0A==",
"requires": { "requires": {
"unist-util-visit": "^1.1.0" "unist-util-visit": "^1.1.0"
} }
@ -24718,19 +24803,19 @@
"integrity": "sha512-pNCVrk64LZv1kElr0N1wPiHEUoXNVFERp+mlTg/s9R5Lwg87f9bM/3sQB99w+N9D/qnM9ar3+AKDBwo/gm/iQQ==" "integrity": "sha512-pNCVrk64LZv1kElr0N1wPiHEUoXNVFERp+mlTg/s9R5Lwg87f9bM/3sQB99w+N9D/qnM9ar3+AKDBwo/gm/iQQ=="
}, },
"unist-util-visit": { "unist-util-visit": {
"version": "1.4.0", "version": "1.4.1",
"resolved": "https://registry.npmjs.org/unist-util-visit/-/unist-util-visit-1.4.0.tgz", "resolved": "https://registry.npmjs.org/unist-util-visit/-/unist-util-visit-1.4.1.tgz",
"integrity": "sha512-FiGu34ziNsZA3ZUteZxSFaczIjGmksfSgdKqBfOejrrfzyUy5b7YrlzT1Bcvi+djkYDituJDy2XB7tGTeBieKw==", "integrity": "sha512-AvGNk7Bb//EmJZyhtRUnNMEpId/AZ5Ph/KUpTI09WHQuDZHKovQ1oEv3mfmKpWKtoMzyMC4GLBm1Zy5k12fjIw==",
"requires": { "requires": {
"unist-util-visit-parents": "^2.0.0" "unist-util-visit-parents": "^2.0.0"
}, },
"dependencies": { "dependencies": {
"unist-util-visit-parents": { "unist-util-visit-parents": {
"version": "2.0.1", "version": "2.1.2",
"resolved": "https://registry.npmjs.org/unist-util-visit-parents/-/unist-util-visit-parents-2.0.1.tgz", "resolved": "https://registry.npmjs.org/unist-util-visit-parents/-/unist-util-visit-parents-2.1.2.tgz",
"integrity": "sha512-6B0UTiMfdWql4cQ03gDTCSns+64Zkfo2OCbK31Ov0uMizEz+CJeAp0cgZVb5Fhmcd7Bct2iRNywejT0orpbqUA==", "integrity": "sha512-DyN5vD4NE3aSeB+PXYNKxzGsfocxp6asDc2XXE3b0ekO2BaRUpBicbbUygfSvYfUz1IkmjFR1YF7dPklraMZ2g==",
"requires": { "requires": {
"unist-util-is": "^2.1.2" "unist-util-is": "^3.0.0"
} }
} }
} }
@ -25567,16 +25652,15 @@
} }
}, },
"vfile-location": { "vfile-location": {
"version": "2.0.4", "version": "2.0.6",
"resolved": "https://registry.npmjs.org/vfile-location/-/vfile-location-2.0.4.tgz", "resolved": "https://registry.npmjs.org/vfile-location/-/vfile-location-2.0.6.tgz",
"integrity": "sha512-KRL5uXQPoUKu+NGvQVL4XLORw45W62v4U4gxJ3vRlDfI9QsT4ZN1PNXn/zQpKUulqGDpYuT0XDfp5q9O87/y/w==" "integrity": "sha512-sSFdyCP3G6Ka0CEmN83A2YCMKIieHx0EDaj5IDP4g1pa5ZJ4FJDvpO0WODLxo4LUX4oe52gmSCK7Jw4SBghqxA=="
}, },
"vfile-message": { "vfile-message": {
"version": "1.1.0", "version": "1.1.1",
"resolved": "https://registry.npmjs.org/vfile-message/-/vfile-message-1.1.0.tgz", "resolved": "https://registry.npmjs.org/vfile-message/-/vfile-message-1.1.1.tgz",
"integrity": "sha512-D9E9mTcn6b2uWxUgNSBQPWFywPxP87dZCkemuh01vNb7zntXgHtsrTorZdURrKSpFM0O1IlQVpfdmHuJuy6EGw==", "integrity": "sha512-1WmsopSGhWt5laNir+633LszXvZ+Z/lxveBf6yhGsqnQIhlhzooZae7zV6YVM1Sdkw68dtAW3ow0pOdPANugvA==",
"requires": { "requires": {
"@types/unist": "^2.0.2",
"unist-util-stringify-position": "^1.1.1" "unist-util-stringify-position": "^1.1.1"
} }
}, },

2
superset-frontend/package.json
View File

@ -126,7 +126,7 @@
"react-hot-loader": "^4.3.6", "react-hot-loader": "^4.3.6",
"react-json-tree": "^0.11.2", "react-json-tree": "^0.11.2",
"react-jsonschema-form": "^1.2.0", "react-jsonschema-form": "^1.2.0",
"react-markdown": "^3.3.0", "react-markdown": "^4.3.1",
"react-redux": "^5.0.2", "react-redux": "^5.0.2",
"react-router-dom": "^5.1.2", "react-router-dom": "^5.1.2",
"react-search-input": "^0.11.3", "react-search-input": "^0.11.3",

8
superset-frontend/src/dashboard/components/gridComponents/Markdown.jsx
View File

@ -73,6 +73,13 @@ const markdownPlaceHolder = `# ✨Markdown
Click here to edit [markdown](https://bit.ly/1dQOfRK)`; Click here to edit [markdown](https://bit.ly/1dQOfRK)`;
function isSafeMarkup(node) {
if (node.type === 'html') {
return /href="(javascript|vbscript|file):.*"/gim.test(node.value) === false;
}
return true;
}
class Markdown extends React.PureComponent { class Markdown extends React.PureComponent {
constructor(props) { constructor(props) {
super(props); super(props);
@ -190,6 +197,7 @@ class Markdown extends React.PureComponent {
<ReactMarkdown <ReactMarkdown
source={this.state.markdownSource || markdownPlaceHolder} source={this.state.markdownSource || markdownPlaceHolder}
escapeHtml={false} escapeHtml={false}
allowNode={isSafeMarkup}
/> />
); );
} }