Allowed markdown in footer of status page

Markdown support has been added using the marked module. To secure against XSS attacks, DOMPurify is used to sanitize the generated HTML before it is loaded on the page. Signed-off-by: Matthew Nickson <mnickson@sidingsmedia.com>
2025-08-11 17:34:24 +08:00 · 2023-01-08 20:39:27 +00:00
parent f3d3e064f8
commit 6bc0bd84af
4 changed files with 42 additions and 1 deletions
--- a/package.json
+++ b/package.json
@@ -81,6 +81,7 @@
        "compare-versions": "~3.6.0",
        "compression": "~1.7.4",
        "dayjs": "~1.11.5",
+        "dompurify": "^2.4.3",
        "express": "~4.17.3",
        "express-basic-auth": "~1.2.1",
        "express-static-gzip": "~2.1.7",
@@ -93,6 +94,7 @@
        "jsonwebtoken": "~9.0.0",
        "jwt-decode": "~3.1.2",
        "limiter": "~2.1.0",
+        "marked": "^4.2.5",
        "mqtt": "~4.3.7",
        "mssql": "~8.1.4",
        "mysql2": "~2.3.3",