Commit e80627d

committed

Remove dependency on vue-showdown

Depend on Showdown directly instead, cutting out the middleman. Additionally: * Escape HTML outside of Markdown code blocks, in order to prevent unintended rendering of HTML elements (e.g. the `textarea` in CVE-2022-25869) * Always run Showdown output through DOMPurify Signed-off-by: nscuro <[email protected]>

1 parent 9c6bd07 commit e80627dCopy full SHA for e80627d

5 files changed

+17017

-555

lines changed

package-lock.json
package.json
src
- main.js
- views
  - components
    - Showdown.vue
  - portfolio/vulnerabilities
    - Vulnerability.vue

5 files changed

+17017

-555

lines changed

Comments

(0)

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Uh oh!

Commit e80627d

5 files changed

5 files changed

Uh oh!

File tree

5 files changed

5 files changed

0 commit comments