diff --git a/package.json b/package.json
index ddb52fd..9b6d20e 100644
--- a/package.json
+++ b/package.json
@@ -63,18 +63,21 @@
 "d3-selection": "^1.4.0",
 "d3-shape": "^1.3.5",
 "d3-svg-annotation": "^2.4.0",
- "d3-transition": "^1.2.0"
+ "d3-transition": "^1.2.0",
+ "dompurify": "^2.2.2"
 },
 "devDependencies": {
 "@babel/core": "^7.4.0",
 "@babel/preset-env": "^7.4.2",
 "@types/d3": "^5.7.1",
+ "@types/dompurify": "^2.0.4",
 "@types/node": "^11.12.0",
 "babelify": "^10.0.0",
 "browserify": "^16.2.3",
 "cssnano": "^4.1.10",
 "d3": "^5.9.2",
 "gitbook": "^3.2.3",
+ "gitbook-cli": "^2.3.2",
 "gitbook-plugin-custom-favicon": "0.0.4",
 "gitbook-plugin-ga": "^1.0.1",
 "gitbook-plugin-toggle-chapters": "0.0.3",
@@ -99,8 +102,7 @@
 "styled-jsx-plugin-postcss": "^2.0.0",
 "tsify": "^4.0.1",
 "typescript": "^3.3.4000",
- "uglify-js": "^3.5.2",
- "gitbook-cli": "^2.3.2"
+ "uglify-js": "^3.5.2"
 },
 "files": [
 "/dist",
diff --git a/src/scripts/chartAdvanced/pie.js b/src/scripts/chartAdvanced/pie.js
index 50306c7..70f6986 100644
--- a/src/scripts/chartAdvanced/pie.js
+++ b/src/scripts/chartAdvanced/pie.js
@@ -1,4 +1,6 @@
 import functor from '../util/functor';
+import sanitize from '../util/sanitize';
+
 /**
 * d2b.chartPieAdvanced(chart, datum) configures the input chart and formats a returned datum set
@@ -9,7 +11,7 @@ export default function (chart, datum) {
 // Chart Config
 chart
- .label(d => d.label)
+ .label(d => sanitize(d.label))
 .value(d => d.value)
 .duration.conditionally(datum.duration)
 .donutRatio.conditionally(datum.donutRatio)
diff --git a/src/scripts/util/sanitize.js b/src/scripts/util/sanitize.js
new file mode 100644
index 0000000..89369ed
--- /dev/null
+++ b/src/scripts/util/sanitize.js
@@ -0,0 +1,10 @@
+import Dompurify from "dompurify";
+
+
+/**
+ * Returns sanitized string prior to render.
+ * @param {string} string
+ */
+export default function sanitize(v) {
+ return Dompurify.sanitize(v);
+}
\ No newline at end of file
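Review bot: `.label(d => sanitize(d.label))` changes the accessor's output type and its handling of falsy values: DOMPurify.sanitize coerces its input to a string and, as far as I recall of the 2.x implementation, replaces any falsy input (undefined, null, 0, '') with an empty string, so a numeric label of 0 or an absent label now yields '' where the old accessor returned the raw value. If labels may be numbers or missing, guard in the accessor, `.label(d => d.label == null ? d.label : sanitize(d.label))`, or move that check into sanitize itself. Whether the label is ultimately rendered through an HTML setter or a text setter is not visible in this hunk; if it is a text setter, sanitizing is unnecessary and a label such as "a < b" would be displayed with the serialized entity `&lt;` instead of the character. The enclosing export default function continues outside the hunk.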
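Review bot: `return Dompurify.sanitize(v);` is a silent pass-through wherever DOMPurify has no DOM to work with: when `Dompurify.isSupported` is false (Node, server-side rendering, tests without a DOM shim) the library returns its input unchanged, so callers get neither protection nor a signal that sanitization was skipped. The function should also decide what non-string input means, since sanitize() currently stringifies numbers and turns falsy values into ''; and the JSDoc names a parameter `string` while the signature takes `v`. No config is passed, so DOMPurify's default tag allowlist applies; if labels are meant to be plain text, `{ ALLOWED_TAGS: [] }` is the stricter choice, but that depends on how the rendering side uses the value. The rewrite below keeps the default config, passes null/undefined through, stringifies other values so 0 survives, and fails loudly when no DOM is available rather than returning unsanitized input.
```javascript
/**
 * Returns a sanitized copy of `v` for rendering as HTML.
 * @param {string} v - untrusted label text
 * @returns {string} sanitized markup, or `v` unchanged when it is null/undefined
 * @throws {Error} when DOMPurify has no DOM to work with (isSupported === false)
 */
export default function sanitize(v) {
  if (v == null) return v;
  if (!Dompurify.isSupported) {
    throw new Error('sanitize: DOMPurify requires a DOM; refusing to return unsanitized input');
  }
  return Dompurify.sanitize(String(v));
}
```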