I am seeking for the proper way to linkify a string block with MeteorJS. The goal is to prevent XSS vulnerabilities but also to keep the reactivty.
I am currently bulding a chat with MeteorJS. Each of the message in my template can be edited. I have already tried thoses solutions:
1- Linkify DOM node woth various jQuery plugins/custon regex View rootView = LayoutInflater.from(context).inflate(R.layout.some_layout, parent, false);
WatchViewStub stub = (WatchViewStub) rootView.findViewById(R.id.watch_view_stub);
function. Problem is that the replace() callback is fired once, so messages updated won't be linkified again.
2- Return linkified HTML content from a helper. Problem is that it expose the app to XSS vulneravilities, and with a sanitizing process, some text may be lost (i want to keep the whole text, to display HTML code as text for exanple)
3- Used an autorun conputation declared in the onRendered callback with the onRendered reactive dependency. It ensure that the DOM node will be linkified at every message update, but problem is that old content added manually with jQuery will remain in the node.
So, is there a way to ensure reactivity but also to keep the whole text in place. The goal here is to allow people to send code as text via messages. Meteor Spacebars is already predenting basic XSS with the double curly brace notation Template.currentData().
Thanks,
wILL
答案 0 :(得分:0)
Ok, seems like https://github.com/chuangbo/meteor-marked is the good option. It handle bare links.