Northern_Lights/cherry-studio
1
0
Fork 0
mirror of https://github.com/CherryHQ/cherry-studio.git synced 2025-12-28 05:11:24 +08:00
Code Issues Actions 4 Packages Projects Releases Wiki Activity

fix(ImagePreview): add relaxed sanitize rules for svg (#9293)

Browse Source
This commit is contained in:
one 2025-08-19 12:58:45 +08:00 committed by GitHub
parent 585e49ac65
commit e3c52a6174
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 6 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
src/renderer/src/components/Preview/utils.ts
View File

@ -1,4 +1,5 @@
import { makeSvgSizeAdaptive } from '@renderer/utils'
import DOMPurify from 'dompurify'
/**
* Renders an SVG string inside a host element's Shadow DOM to ensure style encapsulation.
@ -14,14 +15,11 @@ export function renderSvgInShadowHost(svgContent: string, hostElement: HTMLEleme
throw new Error('Host element for SVG rendering is not available.')
}
// FIXME: Sanitize the SVG content
// const sanitizedContent = DOMPurify.sanitize(svgContent, {
// USE_PROFILES: { svg: true, svgFilters: true },
// RETURN_DOM_FRAGMENT: false,
// RETURN_DOM: false
// })
const sanitizedContent = svgContent
// Sanitize the SVG content
const sanitizedContent = DOMPurify.sanitize(svgContent, {
USE_PROFILES: { svg: true, svgFilters: true },
ADD_TAGS: ['style', 'defs', 'foreignObject']
})
const shadowRoot = hostElement.shadowRoot || hostElement.attachShadow({ mode: 'open' })