@abgov/jsonforms-components 2.47.4 → 2.47.6

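--- a/package/index.esm.js
+++ b/package/index.esm.js
@@ -14,6 +14,8 @@ import merge from 'lodash/merge';
  import isEmpty from 'lodash/isEmpty';
  import range from 'lodash/range';
  import pluralize from 'pluralize';
+ import dompurify from 'dompurify';
+ import * as xss from 'xss';
  import { evaluateSync, compileSync } from '@mdx-js/mdx';
  import { Parser } from 'expr-eval-fork';
  import addErrors from 'ajv-errors';
@@ -13129,16 +13131,12 @@ const getCategoryStatus = category => {
  const getCategoryStatusBadge = category => {
  const status = getCategoryStatus(category);
  const badgeType = status === PageStatus.Complete ? 'success' : 'information';
- return (
- // <div style={{ paddingTop: '5px' }}>
- jsx(GoabBadge, {
- type: badgeType,
- content: status,
- ariaLabel: status,
- icon: false
- })
- // </div>
- );
+ return jsx(GoabBadge, {
+ type: badgeType,
+ content: status,
+ ariaLabel: status,
+ icon: false
+ });
  };
 
  /* eslint-disable jsx-a11y/anchor-is-valid */
@@ -13158,7 +13156,10 @@ const CategoryRow = ({
  onKeyDown: e => e.key === 'Enter' && onClick(index),
  "data-testid": `page-ref-${index}`,
  children: [jsx("td", {
- children: category.label
+ children: jsx("a", {
+ href: "#",
+ children: category.label
+ })
  }, `task-list-${index}-stepper-row-label`), jsx(CategoryStatus, {
  children: jsx(Center, {
  children: getCategoryStatusBadge(category)
@@ -13193,6 +13194,81 @@ const SummaryRow = ({
  });
  };
 
+ const options = {
+ whiteList: {
+ html: ['lang'],
+ meta: ['name', 'content', 'charset'],
+ div: ['style', 'class'],
+ style: [],
+ a: ['href', 'title', 'target', 'style', 'class'],
+ em: [],
+ main: [],
+ footer: ['style'],
+ header: ['style'],
+ head: [],
+ abbr: ['title', 'style'],
+ title: [],
+ address: ['style'],
+ area: ['shape', 'coords', 'href', 'alt', 'style'],
+ article: [],
+ blockquote: [],
+ aside: [],
+ details: [],
+ h1: [],
+ h2: [],
+ h3: [],
+ h4: [],
+ h5: [],
+ h6: [],
+ hr: [],
+ i: [],
+ img: ['src', 'alt', 'title', 'width', 'height'],
+ ins: ['datetime'],
+ li: [],
+ mark: [],
+ nav: [],
+ ol: [],
+ p: [],
+ pre: [],
+ s: [],
+ section: [],
+ small: [],
+ span: ['class', 'style'],
+ sub: [],
+ summary: [],
+ sup: [],
+ select: [],
+ optgroup: [],
+ form: [],
+ strong: [],
+ label: [],
+ strike: [],
+ table: ['width', 'border', 'align', 'valign', 'class', 'style'],
+ tbody: ['align', 'valign', 'class', 'style'],
+ body: ['class', 'style'],
+ td: ['width', 'rowspan', 'colspan', 'align', 'valign', 'class', 'style'],
+ tfoot: ['align', 'valign', 'class', 'style'],
+ th: ['width', 'rowspan', 'colspan', 'align', 'valign', 'class', 'style'],
+ thead: ['align', 'valign'],
+ tr: ['rowspan', 'align', 'valign'],
+ tt: [],
+ u: [],
+ ul: [],
+ br: [],
+ b: [],
+ option: []
+ }
+ }; // Custom rules
+ new xss.FilterXSS(options);
+ const sanitizeHtml = dompurify.sanitize;
+ dompurify.addHook('afterSanitizeAttributes', function (node) {
+ // set all elements owning target to target=_blank
+ if ('target' in node) {
+ node.setAttribute('target', '_blank');
+ node.setAttribute('rel', 'noopener noreferrer');
+ }
+ });
+
  const _excluded$1 = ["type"];
  const AdditionalInstructionsRow = ({
  additionalInstructions,
@@ -13203,6 +13279,7 @@ const AdditionalInstructionsRow = ({
  const type = validTypes.includes(calloutType) ? calloutType : 'information';
  const _ref = componentProps || {},
  otherProps = _objectWithoutPropertiesLoose(_ref, _excluded$1);
+ const sanitizedHtml = sanitizeHtml(additionalInstructions);
  return jsx("tr", {
  children: jsx("td", {
  colSpan: 2,
@@ -13211,7 +13288,11 @@ const AdditionalInstructionsRow = ({
  mt: "xl",
  mb: "l"
  }, otherProps, {
- children: additionalInstructions
+ children: jsx("div", {
+ dangerouslySetInnerHTML: {
+ __html: sanitizedHtml
+ }
+ })
  }))
  })
  });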
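Review bot: In the sanitizer block added ahead of `_excluded$1`, `new xss.FilterXSS(options);` throws away the instance it builds, so, at least in the lines shown, the long `whiteList` has no effect and `additionalInstructions` reaches `dangerouslySetInnerHTML` filtered only by DOMPurify's default configuration. If that allow-list is meant to apply it should be expressed in the config passed to the DOMPurify call; otherwise the dead construction and the `xss` import only add dependency surface. The `afterSanitizeAttributes` hook is registered at import time on the shared default `dompurify` export, so it would also rewrite `target`/`rel` for any other code in the host application that sanitizes through the same module instance. A private instance would contain that: `const purifier = dompurify(window);`, then `purifier.addHook(...)` and `const sanitizeHtml = purifier.sanitize;`. A one-line comment above `const sanitizedHtml = ...` such as `// must stay the only source for __html below` would help keep the sink safe under later edits.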
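--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
  {
  "name": "@abgov/jsonforms-components",
- "version": "2.47.4",
+ "version": "2.47.6",
  "license": "Apache-2.0",
  "description": "Government of Alberta - React renderers for JSON Forms based on the design system.",
  "repository": "https://github.com/GovAlta/adsp-monorepo",
@@ -10,6 +10,8 @@
  "@jsonforms/core": "^3.1.0",
  "@jsonforms/react": "^3.1.0",
  "react": "^18.0.0",
+ "dompurify": "^3.2.4",
+ "xss": "^1.0.15",
  "ajv": "^8.6.1",
  "ajv-errors": "^3.0.0",
  "ajv-formats": "^3.0.1",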
@@ -0,0 +1,19 @@
1
+ import dompurify from 'dompurify';
2
+ export declare const sanitizeHtml: {
3
+ (dirty: string | Node, cfg: dompurify.Config & {
4
+ RETURN_TRUSTED_TYPE: true;
5
+ }): import("trusted-types/lib").TrustedHTML;
6
+ (dirty: Node, cfg: dompurify.Config & {
7
+ IN_PLACE: true;
8
+ }): Node;
9
+ (dirty: string | Node, cfg: dompurify.Config & {
10
+ RETURN_DOM: true;
11
+ }): Node;
12
+ (dirty: string | Node, cfg: dompurify.Config & {
13
+ RETURN_DOM_FRAGMENT: true;
14
+ }): DocumentFragment;
15
+ (dirty: string | Node, cfg?: dompurify.Config): string;
16
+ };
17
+ export declare function hasXSS(html: string): boolean;
18
+ export declare const htmlSanitized: (html: string) => string;
19
+ export declare const XSSErrorMessage = "The template contains content that could expose users to Cross Site Scripting attacks. Remove risky elements like <script> to save the template.";