Merge pull request #94 from Team-INSERT/hotfix/xxs

XSS공격 방어

Author: Ubinquitous

src/components/atoms/CustomViewer.tsx

@@ -1,5 +1,6 @@
 import React from "react";
 import MDViewer from "@uiw/react-markdown-preview";
+import { getXSSContent } from "@/helpers";
 
 interface MDViewerPropsType {
   content?: string;
@@ -8,7 +9,7 @@ interface MDViewerPropsType {
 const CustomViewer = ({ content }: MDViewerPropsType) => {
   return (
     <MDViewer
-      source={content}
+      source={getXSSContent(content)}
       wrapperElement={{
         "data-color-mode": "light",
       }}

src/helpers/getXSSContent.helper.ts

@@ -0,0 +1,11 @@
+const getXSSContent = (content?: string) => {
+  if (content)
+    return content
+      .replaceAll("<style>", "")
+      .replaceAll("</style>", "")
+      .replaceAll("<script>", "")
+      .replaceAll("</script>", "");
+  return content;
+};
+
+export default getXSSContent;

src/helpers/index.ts

@@ -13,3 +13,4 @@ export { default as getTimetableType } from "./getTimetableType.helper";
 export { default as getDay } from "./getDay.helper";
 export { default as getClassName } from "./getClassName.helper";
 export { default as getMeisterChapter } from "./getMeisterChapter.helper";
+export { default as getXSSContent } from "./getXSSContent.helper";