Content Manager: Added Documentation, Implemented functional approach to the HTML table generation and refactored API codes, Using DOM purifier to prevent XSS

2024-11-29 01:40:44 +09:00
parent 234b93d711
commit 3ddcf5fa5e
45 changed files with 16953 additions and 70 deletions
--- a/src-manager/pages/update-news.html
+++ b/src-manager/pages/update-news.html
@@ -5,9 +5,12 @@
    <title>Content Manager - update news</title>
    <link rel="stylesheet" href="/styles/markdown.css">
    <link rel="stylesheet" href="/styles/color-pallet.css">
-    <script src="https://unpkg.com/htmx.org@2.0.2" integrity="sha384-Y7hw+L/jvKeWIRRkqWYfPcvVxHzVzn5REgzbawhxAuQGwX1XWe70vji+VSeHOThJ" crossorigin="anonymous"></script>
+    <script src="https://unpkg.com/htmx.org@2.0.3" crossorigin="anonymous"></script>
    <script src="https://unpkg.com/axios/dist/axios.min.js"></script>
    <script src="https://cdn.jsdelivr.net/npm/marked/marked.min.js"></script>
+    <script type="module">
+        import DOMPurify from "https://cdn.jsdelivr.net/npm/isomorphic-dompurify/+esm"
+    </script>
    <style>
        form fieldset {
            display: grid;
@@ -101,11 +104,13 @@
            .catch((err) => {console.error(err)});

        articleEditor.addEventListener('input', () => {
-            markdownPreview.innerHTML = marked.parse(articleEditor.value);
+            const cleanHTML = DOMPurify.sanitize(marked.parse(articleEditor.value));
+            markdownPreview.innerHTML = cleanHTML;
        });

        cardContentInput.addEventListener('input', () => {
-            cardContentPreview.innerHTML = marked.parse(cardContentInput.value);
+            const cleanHTML = DOMPurify.sanitize(marked.parse(cardContentInput.value));
+            cardContentPreview.innerHTML = cleanHTML;
        });

        submitButton.addEventListener('click', () => {
@@ -113,4 +118,4 @@
        });
    </script>
 </body>
-</html>
+</html>