Merge pull request #31 from expoli/patch_test

try to fix Code scanning alerts

components/PrismMac.js

@@ -12,6 +12,7 @@ import 'prismjs/plugins/line-numbers/prism-line-numbers.css'
 // mermaid图
 import BLOG from '@/blog.config'
 import { isBrowser, loadExternalResource } from '@/lib/utils'
+import sanitizeHtml from 'sanitize-html';
 
 /**
  * @author https://github.com/txs/
@@ -43,7 +44,7 @@ const renderMermaid = async() => {
   const mermaidPres = document.querySelectorAll('pre.notion-code.language-mermaid')
   if (mermaidPres) {
     for (const e of mermaidPres) {
-      const chart = e.querySelector('code').textContent
+      const chart = sanitizeHtml(e.querySelector('code').textContent)
       if (chart && !e.querySelector('.mermaid')) {
         const m = document.createElement('div')
         m.className = 'mermaid'

package.json

@@ -52,6 +52,7 @@
     "react-notion-x": "6.16.0",
     "react-share": "^4.4.1",
     "react-tweet-embed": "~2.0.0",
+    "sanitize-html": "^2.10.0",
     "smoothscroll-polyfill": "^0.4.4",
     "twikoo": "1.6.16",
     "typed.js": "^2.0.15",

themes/fukasawa/LayoutSearch.js

@@ -6,11 +6,12 @@ import { useRouter } from 'next/router'
 import { useEffect } from 'react'
 import Mark from 'mark.js'
 import { isBrowser } from '@/lib/utils'
+import sanitizeHtml from 'sanitize-html';
 
 export const LayoutSearch = (props) => {
   const { keyword } = props
   const router = useRouter()
-  const currentSearch = keyword || router?.query?.s
+  const currentSearch = sanitizeHtml(keyword || router?.query?.s)
   useEffect(() => {
     setTimeout(() => {
       const container = isBrowser() && document.getElementById('container')

themes/hexo/LayoutSearch.js

@@ -10,12 +10,14 @@ import Mark from 'mark.js'
 import TagItemMini from './components/TagItemMini'
 import Card from './components/Card'
 import Link from 'next/link'
+import sanitizeHtml from 'sanitize-html';
 
 export const LayoutSearch = props => {
   const { keyword, tagOptions, categoryOptions } = props
   const { locale } = useGlobal()
   const router = useRouter()
-  const currentSearch = keyword || router?.query?.s
+  const tempSearch = sanitizeHtml(keyword || router?.query?.s)
+  const currentSearch = tempSearch
   const cRef = useRef(null)
 
   useEffect(() => {

themes/matery/LayoutSearch.js

@@ -10,12 +10,14 @@ import Mark from 'mark.js'
 import TagItemMini from './components/TagItemMini'
 import Card from './components/Card'
 import Link from 'next/link'
+import sanitizeHtml from 'sanitize-html';
 
 export const LayoutSearch = props => {
   const { keyword, tagOptions, categoryOptions } = props
   const { locale } = useGlobal()
   const router = useRouter()
-  const currentSearch = keyword || router?.query?.s
+  const tempSearch = sanitizeHtml(keyword || router?.query?.s)
+  const currentSearch = tempSearch
   const cRef = useRef(null)
 
   useEffect(() => {

themes/matery/components/WordCount.js

@@ -1,4 +1,5 @@
 import { useEffect } from 'react'
+import sanitizeHtml from 'sanitize-html';
 
 /**
  * 字数统计
@@ -41,7 +42,7 @@ function deleteHtmlTag(str) {
   if (!str) {
     return ''
   }
-  str = str.replace(/<[^>]+>|&[^>]+;/g, '').trim()// 去掉所有的html标签和&nbsp;之类的特殊符合
+  str = sanitizeHtml(str)
   return str
 }
 

themes/next/components/WordCount.js

@@ -1,4 +1,5 @@
 import { useEffect } from 'react'
+import sanitizeHtml from 'sanitize-html';
 
 /**
  * 字数统计
@@ -32,7 +33,7 @@ function deleteHtmlTag(str) {
   if (!str) {
     return ''
   }
-  str = str.replace(/<[^>]+>|&[^>]+;/g, '').trim()// 去掉所有的html标签和&nbsp;之类的特殊符合
+  str = sanitizeHtml(str)// 去掉所有的html标签和&nbsp;之类的特殊符合
   return str
 }