🛂(frontend) secure download button

Blocknote download button opens the file in a new tab, which could be not secure because of XSS attacks. We replace the download button with a new one that downloads the file instead of opening it in a new tab. Some files are flags as unsafe (SVG / js / exe), for these files we add a confirmation modal before downloading the file to prevent the user from downloading a file that could be harmful. In the future, we could add other security layers from this model, to analyze the file before downloading it by example.
2025-02-28 11:38:12 +01:00
parent ebd49f05a8
commit d099d58f77
7 changed files with 288 additions and 13 deletions
--- a/src/frontend/apps/e2e/tests/app-impress/assets/test.svg
+++ b/src/frontend/apps/e2e/tests/app-impress/assets/test.svg
@@ -0,0 +1,13 @@
+<svg
+  xmlns="http://www.w3.org/2000/svg"
+  width="100"
+  height="100"
+  viewBox="0 0 100 100"
+>
+  <circle cx="50" cy="30" r="20" fill="#3498db" />
+  <polygon
+    points="50,10 55,20 65,20 58,30 60,40 50,35 40,40 42,30 35,20 45,20"
+    fill="#f1c40f"
+  />
+  <text x="50" y="70" text-anchor="middle" fill="white">Hello svg</text>
+</svg>