Merge pull request #110 from xHeaven/patch-1

Clientside output purifying
spatie · Jan 6, 2025 · fc3ba62 · fc3ba62
2 parents d2767dd + 35faa11
commit fc3ba62
Show file tree

Hide file tree

Showing 6 changed files with 19 additions and 5 deletions.
diff --git a/package.json b/package.json
@@ -24,6 +24,7 @@
         "prettier": "^1.15.3",
         "split-grid": "^1.0.9",
         "tailwindcss": "^0.7.2",
-        "vue": "^2.5.7"
+        "vue": "^2.5.7",
+        "dompurify": "^3.2.3"
     }
 }
diff --git a/public/app.js b/public/app.js
diff --git a/public/mix-manifest.json b/public/mix-manifest.json
@@ -1,4 +1,4 @@
 {
-    "/app.js": "/app.js?id=54675ea5df087610508e",
+    "/app.js": "/app.js?id=f5f7de2fdbf2c19e7948",
     "/app.css": "/app.css?id=1e19e507bfac7fe73255"
 }
diff --git a/resources/js/components/Tinker.vue b/resources/js/components/Tinker.vue
@@ -10,6 +10,7 @@
 import TinkerInput from './TinkerInput';
 import TinkerOutput from './TinkerOutput';
 import Split from 'split-grid';
+import DOMPurify from 'dompurify';
 
 export default {
     components: {
@@ -56,7 +57,7 @@ export default {
 
     methods: {
         handleExecute(output) {
-            this.output = output;
+            this.output = DOMPurify.sanitize(output);
         },
 
         initSplit() {

diff --git a/src/Tinker.php b/src/Tinker.php
@@ -116,6 +116,6 @@ protected function cleanOutput(string $output): string
 
         $output = preg_replace('/(?s)(<whisper.*?<\/whisper>)|INFO  Ctrl\+D\./ms', '$2', $output);
 
-        return htmlentities(trim($output));
+        return trim($output);
     }
 }
diff --git a/yarn.lock b/yarn.lock
@@ -2,6 +2,11 @@
 # yarn lockfile v1
 
 
+"@types/trusted-types@^2.0.7":
+  version "2.0.7"
+  resolved "https://registry.yarnpkg.com/@types/trusted-types/-/trusted-types-2.0.7.tgz#baccb07a970b91707df3a3e8ba6896c57ead2d11"
+  integrity sha512-ScaPdn1dQczgbl0QFTeTOmVHFULt394XJgOQNoyVhZ6r2vLnMLJfBPd53SB52T/3G36VI1/g2MZaX0cwDuXsfw==
+
 abbrev@1:
   version "1.1.1"
   resolved "https://registry.yarnpkg.com/abbrev/-/abbrev-1.1.1.tgz#f8f2c887ad10bf67f634f005b6987fed3179aac8"
@@ -2077,6 +2082,13 @@ domain-browser@^1.1.1:
   resolved "https://registry.yarnpkg.com/domain-browser/-/domain-browser-1.2.0.tgz#3d31f50191a6749dd1375a7f522e823d42e54eda"
   integrity sha512-jnjyiM6eRyZl2H+W8Q/zLMA481hzi0eszAaBUzIVnmYVDBbnLxVNnfu1HgEBvCbL+71FrxMl3E6lpKH7Ge3OXA==
 
+dompurify@^3.2.3:
+  version "3.2.3"
+  resolved "https://registry.yarnpkg.com/dompurify/-/dompurify-3.2.3.tgz#05dd2175225324daabfca6603055a09b2382a4cd"
+  integrity sha512-U1U5Hzc2MO0oW3DF+G9qYN0aT7atAou4AgI0XjWz061nyBPbdxkfdhfy5uMgGn6+oLFCfn44ZGbdDqCzVmlOWA==
+  optionalDependencies:
+    "@types/trusted-types" "^2.0.7"
+
 dotenv-expand@^4.2.0:
   version "4.2.0"
   resolved "https://registry.yarnpkg.com/dotenv-expand/-/dotenv-expand-4.2.0.tgz#def1f1ca5d6059d24a766e587942c21106ce1275"