Sanitize chagnelog for < and >. Only show version in TableOfContents

techniq · Jul 8, 2023 · 08f1d41 · 08f1d41
1 parent 6143fae
commit 08f1d41
Showing 1 changed file with 6 additions and 2 deletions.
diff --git a/src/routes/changelog/+page.svelte b/src/routes/changelog/+page.svelte
@@ -3,19 +3,23 @@
 
   import changelog from '../../../CHANGELOG.md?raw';
   import TableOfContents from '$lib/components/TableOfContents.svelte';
+
+  function sanitize(str: string) {
+    return str.replace(/</g, '\\<').replace(/>/g, '\\>');
+  }
 </script>
 
 <div class="grid grid-cols-[1fr,auto] gap-6 pt-2 pb-4">
   <div class="bg-white p-2 m-2 rounded shadow-lg border overflow-auto">
     <div class="prose px-4">
-      {@html marked.parse(changelog)}
+      {@html marked.parse(sanitize(changelog))}
     </div>
   </div>
 
   <div class="hidden lg:block w-[224px]">
     <div class="sticky top-0 pr-2">
       <div class="text-xs uppercase leading-8 tracking-widest text-black/50">On this page</div>
-      <TableOfContents />
+      <TableOfContents maxDepth={2} />
     </div>
   </div>
 </div>