Fixes: #1391 (#1392)

gitcoinco · Jun 7, 2018 · 14d2737 · 14d2737
1 parent 9494da2
commit 14d2737
Show file tree

Hide file tree

Showing 4 changed files with 5 additions and 6 deletions.
diff --git a/app/assets/v2/js/pages/bounty_details.js b/app/assets/v2/js/pages/bounty_details.js
@@ -122,11 +122,7 @@ var callbacks = {
   'issue_description': function(key, val, result) {
     var converter = new showdown.Converter();
 
-    val = val.replace(/script/ig, 'scr_i_pt');
-    var ui_body = val;
-
-    ui_body = converter.makeHtml(ui_body);
-
+    ui_body = converter.makeHtml(val);
     return [ 'issue_description', ui_body ];
   },
   'bounty_owner_address': address_ize,

diff --git a/app/assets/v2/js/purify.min.js b/app/assets/v2/js/purify.min.js
diff --git a/app/assets/v2/js/shared.js b/app/assets/v2/js/shared.js
@@ -105,7 +105,7 @@ var sanitize = function(str) {
   if (typeof str != 'string') {
     return str;
   }
-  result = str.replace(/>/g, '&gt;').replace(/</g, '&lt;').replace(/"/g, '&quot;').replace(/'/g, '&#39;');
+  result = DOMPurify.sanitize(str);
   return result;
 };
 

diff --git a/app/retail/templates/shared/footer_scripts.html b/app/retail/templates/shared/footer_scripts.html
@@ -28,6 +28,7 @@
     <script src="{% static "v2/js/jquery.validate.min.js" %}"></script>
     <script src="{% static "v2/js/jsrender.js" %}"></script>
     <script src="{% static "v2/js/base.js" %}"></script>
+    <script src="{% static "v2/js/purify.min.js" %}"></script>
     <script src="{% static "v2/js/shared.js" %}"></script>
     <script src="{% static "v2/js/work_with_gitcoin.js" %}"></script>
     <script src="{% static "v2/js/animate.min.js" %}"></script>