Enable dompurify trusted types

swagger-api · Feb 1, 2025 · c04767e · c04767e
1 parent e5f9647
commit c04767e
Show file tree

Hide file tree

Showing 2 changed files with 6 additions and 5 deletions.
diff --git a/src/core/components/providers/markdown.jsx b/src/core/components/providers/markdown.jsx
@@ -67,6 +67,7 @@ export function sanitizer(str, { useUnsafeMarkdown = false } = {}) {
     FORBID_TAGS: ["style", "form"],
     ALLOW_DATA_ATTR,
     FORBID_ATTR,
+    RETURN_TRUSTED_TYPE: true
   })
 }
 sanitizer.hasWarnedAboutDeprecation = false
diff --git a/src/core/plugins/oas3/wrap-components/markdown.jsx b/src/core/plugins/oas3/wrap-components/markdown.jsx
@@ -17,18 +17,18 @@ export const Markdown = ({ source, className = "", getConfigs = () => ({ useUnsa
   if ( source ) {
     const { useUnsafeMarkdown } = getConfigs()
     const html = parser.render(source)
-    const sanitized = sanitizer(html, { useUnsafeMarkdown })
 
     let trimmed
 
-    if(typeof sanitized === "string") {
-      trimmed = sanitized.trim()
-    }
+    if (typeof html === "string")
+      trimmed = html.trim()
+
+    const sanitized = sanitizer(trimmed, { useUnsafeMarkdown })
 
     return (
       <div
         dangerouslySetInnerHTML={{
-          __html: trimmed
+          __html: sanitized
         }}
         className={cx(className, "renderedMarkdown")}
       />