@abyss-project/spotlight 1.0.14 → 1.0.17

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/dist/index.js CHANGED
@@ -93,4 +93,7 @@ AbyssSpotlightCore.config = {
93
93
  baseURL: DEFAULT_BASE_URL,
94
94
  abyssUserAnonymousIdentifier: '',
95
95
  };
96
- AbyssSpotlightCore.axios = axios_1.default.create({ baseURL: _a.config.baseURL });
96
+ AbyssSpotlightCore.axios = axios_1.default.create({
97
+ baseURL: _a.config.baseURL,
98
+ withCredentials: true,
99
+ });
@@ -3,6 +3,7 @@ export interface IUpsertProjectPresentationParams {
3
3
  }
4
4
  export interface IUpsertProjectPresentationBody {
5
5
  content: string;
6
+ customCss?: string;
6
7
  }
7
8
  export interface IGetProjectPresentationParams {
8
9
  projectId: string;
@@ -4,6 +4,7 @@ export interface IProjectPresentation {
4
4
  id?: string;
5
5
  type: ProjectPresentationType;
6
6
  content: string;
7
+ customCss?: string;
7
8
  projectId: string;
8
9
  updatedAt?: Date;
9
10
  createdAt?: Date;
@@ -0,0 +1,2 @@
1
+ export declare const sanitizeCss: (css: string) => string;
2
+ export declare const isValidCss: (css: string) => boolean;
@@ -0,0 +1,33 @@
1
+ "use strict";
2
+ Object.defineProperty(exports, "__esModule", { value: true });
3
+ exports.isValidCss = exports.sanitizeCss = void 0;
4
+ const sanitizeCss = (css) => {
5
+ if (!css) {
6
+ return '';
7
+ }
8
+ let sanitized = css;
9
+ sanitized = sanitized.replace(/<script\b[^<]*(?:(?!<\/script>)<[^<]*)*<\/script>/gi, '');
10
+ sanitized = sanitized.replace(/<\/style>/gi, '');
11
+ sanitized = sanitized.replace(/javascript:/gi, '');
12
+ sanitized = sanitized.replace(/\bon\w+\s*=/gi, '');
13
+ sanitized = sanitized.replace(/expression\s*\(/gi, '');
14
+ sanitized = sanitized.replace(/@import\s+.*javascript:/gi, '');
15
+ sanitized = sanitized.replace(/behavior\s*:/gi, '/* behavior: */');
16
+ sanitized = sanitized.replace(/-moz-binding\s*:/gi, '/* -moz-binding: */');
17
+ return sanitized.trim();
18
+ };
19
+ exports.sanitizeCss = sanitizeCss;
20
+ const isValidCss = (css) => {
21
+ if (!css) {
22
+ return true;
23
+ }
24
+ const suspiciousPatterns = [
25
+ /<script/i,
26
+ /<\/script>/i,
27
+ /javascript:/i,
28
+ /on\w+=/i,
29
+ /expression\(/i,
30
+ ];
31
+ return !suspiciousPatterns.some((pattern) => pattern.test(css));
32
+ };
33
+ exports.isValidCss = isValidCss;
@@ -1 +1,2 @@
1
1
  export * from './error.utils';
2
+ export * from './css-sanitizer.utils';
@@ -15,3 +15,4 @@ var __exportStar = (this && this.__exportStar) || function(m, exports) {
15
15
  };
16
16
  Object.defineProperty(exports, "__esModule", { value: true });
17
17
  __exportStar(require("./error.utils"), exports);
18
+ __exportStar(require("./css-sanitizer.utils"), exports);
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@abyss-project/spotlight",
3
- "version": "1.0.14",
3
+ "version": "1.0.17",
4
4
  "description": "Core package to interact with Abyss-Spotlight",
5
5
  "main": "dist/index.js",
6
6
  "types": "dist/index.d.ts",