fix(editor): Sanitize HTML binary-data before rendering in the UI (#7400)

2025-12-17 01:56:46 +00:00 · 2023-10-11 12:09:19 +02:00
parent 47e8953ec9
commit 2b075bfc2d
7 changed files with 31 additions and 21 deletions
--- a/packages/editor-ui/src/components/RunDataHtml.vue
+++ b/packages/editor-ui/src/components/RunDataHtml.vue
@@ -1,11 +1,10 @@
 <template>
-	<iframe class="__html-display" :srcdoc="html" />
+	<iframe class="__html-display" :srcdoc="sanitizedHtml" />
 </template>

 <script lang="ts">
 import type { PropType } from 'vue';
 import sanitizeHtml, { defaults, type IOptions as SanitizeOptions } from 'sanitize-html';
-import type { INodeExecutionData } from 'n8n-workflow';

 const sanitizeOptions: SanitizeOptions = {
 	allowVulnerableTags: false,
@@ -24,14 +23,13 @@ const sanitizeOptions: SanitizeOptions = {
 export default {
 	name: 'RunDataHtml',
 	props: {
-		inputData: {
-			type: Array as PropType<INodeExecutionData[]>,
+		inputHtml: {
+			type: String as PropType<string>,
 		},
 	},
 	computed: {
-		html() {
-			const markup = (this.inputData?.[0].json.html as string) ?? '';
-			return sanitizeHtml(markup, sanitizeOptions);
+		sanitizedHtml() {
+			return sanitizeHtml(this.inputHtml, sanitizeOptions);
 		},
 	},
 };