fix(html pipe): Sanitize generated markdown to avoid XSS attacks

Properly escape the initial markdown and custom matchers to avoid potential XSS attacks via JS injection, and also avoid DOM clubbering fix #253
adobe · May 28, 2019 · e2d7963 · e2d7963
1 parent 65430d4
commit e2d7963
Showing 1 changed file with 1 addition and 0 deletions.
diff --git a/src/utils/mdast-to-vdom.js b/src/utils/mdast-to-vdom.js
@@ -21,6 +21,7 @@ const { JSDOM } = require('jsdom');
 const HeadingHandler = require('./heading-handler');
 const sanitize = require('./sanitize-hast');
 const HeadingHandler = require('./heading-handler');
+const sanitize = require('./sanitize-hast');
 const image = require('./image-handler');
 const embed = require('./embed-handler');
 const link = require('./link-handler');