Staging instance, all changes can be removed at any time

Skip to content

assets/readme-rendering: Use dompurify as XSS filter

XSS filtering has recently been added to swh-web (!89 (closed)) for the rendering of README files in markdown format.

But as @kalpitk noticed it, the rendering of images located in an origin source tree is now broken.

So instead of using showdown-xss-filter package, prefer to use the dompurify one which seems to have a good default white list for XSS filtering.

Related #1642 (closed)


Migrated from D1412 (view on Phabricator)

Merge request reports

Loading