Fix XSS issue with Squiggle Editor

Sam Nolan 2022-03-30 21:39:32 +11:00
parent ffe5846bfe
commit 41db968e99
2 changed files with 23 additions and 5 deletions


@ -25,11 +25,7 @@ export interface SquiggleEditorProps {
onEnvChange?(env: exportEnv): void; onEnvChange?(env: exportEnv): void;
} }
const highlight = (editor: HTMLInputElement) => { const highlight = (_: HTMLInputElement) => {};
let code = editor.textContent;
code = code.replace(/\((\w+?)(\b)/g, '(<font color="#8a2be2">$1</font>$2');
editor.innerHTML = code;
};
interface SquiggleEditorState { interface SquiggleEditorState {
expression: string; expression: string;
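Review bot: The new no-op `const highlight = (_: HTMLInputElement) => {};` has no comment saying why it is empty, so a later contributor could restore the removed body, which copied `editor.textContent` into `editor.innerHTML` and let typed text be parsed as markup. I would add above it `// Intentionally a no-op: the old highlighter wrote user text to innerHTML (XSS); any replacement must escape the text or build DOM nodes instead.` The place where `highlight` is passed to the editor is outside this hunk; if the editor works without a highlighter, removing the stub would be cleaner than keeping it. The story file added in this commit only exercises `normal(5,2)`, so a story or test with markup-like input would help pin the fix against regression.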


@ -0,0 +1,22 @@
import { SquiggleEditor } from "../SquiggleEditor";
import { Canvas, Meta, Story, Props } from "@storybook/addon-docs";
<Meta title="Squiggle/SquiggleEditor" component={SquiggleEditor} />
export const Template = (props) => <SquiggleEditor {...props} />;
# Squiggle Editor
Squiggle Editor is a Squiggle chart with a text editor included for changing
the distribution.
<Canvas>
<Story
name="Normal"
args={{
initialSquiggleString: "normal(5,2)",
}}
>
{Template.bind({})}
</Story>
</Canvas>