Sanitize html in docs

Open Shinigami92 opened this issue 3 years ago • 5 comments

https://github.com/faker-js/faker/blob/51a88634092dbe17985e434572385af4e99d1022/scripts/apidoc/signature.ts#L65

Shinigami92 avatar Aug 06 '22 20:08 Shinigami92

Could we use the sanitize-html npm package?

ejcheng avatar Aug 06 '22 23:08 ejcheng

This is literally what we have used before: https://github.com/faker-js/faker/blob/51a88634092dbe17985e434572385af4e99d1022/scripts/apidoc/signature.ts#L65-L76

ST-DDT avatar Aug 06 '22 23:08 ST-DDT

This is literally what we have used before:

https://github.com/faker-js/faker/blob/51a88634092dbe17985e434572385af4e99d1022/scripts/apidoc/signature.ts#L65-L76

My bad, I skipped over the commented block. I just tried uncommenting the sanitizing code and the options object, but the tests started failing.

ejcheng avatar Aug 07 '22 02:08 ejcheng

Sorry, I don't understand this issue. Could you give an example of where XSS would be possible? As far as I can tell, only internal source code is used in the parsing process.

xDivisionByZerox avatar Aug 28 '22 10:08 xDivisionByZerox

This is an optional safeguard against issues in our jsdocs examples -> api docs (review) process. The examples should stay exactly that: textual examples.

ST-DDT avatar Aug 28 '22 14:08 ST-DDT
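A minimal version of the jsdoc `@example` -> API docs step this thread is about, as an added example (not faker's own `signature.ts`, which is linked above): the example lines are pulled out of a constructed jsdoc comment and rendered into page markup twice, once by raw interpolation and once with HTML escaping so the examples stay textual. It uses a plain escape function rather than the sanitize-html package, since the safeguard discussed here only needs markup in example text to be inert; `extractExamples`, `renderUnsafe` and `renderSafe` are names chosen for this example.

```typescript
// Added example, not faker's code: jsdoc "@example" lines -> HTML for the API docs.
// Constructed sample jsdoc comment in the style faker's source uses.
const JSDOC_COMMENT = `/**
 * Generates a username.
 *
 * @example
 * faker.internet.userName() // 'Nettie_Zboncak40'
 * faker.internet.userName('Jeanne') // 'Jeanne98'
 */`;

/** Returns the non-empty lines that follow the @example tag in a jsdoc comment. */
function extractExamples(comment: string): string[] {
  const lines = comment
    .split('\n')
    .map((l) => l.replace(/^\s*\/?\*+\/?\s?/, '')); // strip "/**", " * ", " */"
  const start = lines.findIndex((l) => l.startsWith('@example'));
  if (start === -1) return [];
  return lines.slice(start + 1).filter((l) => l.trim() !== '');
}

/** HTML-escapes text so the browser shows it literally instead of parsing it as markup. */
function escapeHtml(text: string): string {
  return text
    .replace(/&/g, '&amp;') // must run first so later entities are not double-escaped
    .replace(/</g, '&lt;')
    .replace(/>/g, '&gt;')
    .replace(/"/g, '&quot;')
    .replace(/'/g, '&#39;');
}

/** The risky shape: example text is interpolated straight into the docs markup. */
function renderUnsafe(examples: string[]): string {
  return `<pre><code>${examples.join('\n')}</code></pre>`;
}

/** The safeguard: every example line is escaped, so any tag in it stays visible text. */
function renderSafe(examples: string[]): string {
  return `<pre><code>${examples.map(escapeHtml).join('\n')}</code></pre>`;
}
```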