@devvit/shared-types 0.10.23-next-2024-06-11-e174d5815.0 → 0.10.23-next-2024-06-11-a1863df2d.0
Sign up to get free protection for your applications and to get access to all the features.
- package/imageUtil.d.ts.map +1 -1
- package/imageUtil.js +32 -5
- package/package.json +4 -4
package/imageUtil.d.ts.map
CHANGED
@@ -1 +1 @@
|
|
1
|
-
{"version":3,"file":"imageUtil.d.ts","sourceRoot":"","sources":["../src/imageUtil.ts"],"names":[],"mappings":"AAGA,eAAO,MAAM,OAAO,YAAY,CAAC;AACjC,eAAO,MAAM,aAAa,qBAAqB,CAAC;AAChD,eAAO,MAAM,YAAY,oBAAoB,CAAC;AAC9C,eAAO,MAAM,QAAQ,aAAa,CAAC;AAEnC,eAAO,MAAM,wBAAwB,EAAE,SAAS,MAAM,EAA2C,CAAC;AAClG,eAAO,MAAM,kBAAkB,EAAE,SAAS,MAAM,EAK/C,CAAC;AAoBF;;;;GAIG;AACH,wBAAgB,eAAe,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAgBzD;AAED;;;;;GAKG;AACH,wBAAgB,gBAAgB,CAAC,QAAQ,EAAE,MAAM,GAAG,MAAM,GAAG,SAAS,
|
1
|
+
{"version":3,"file":"imageUtil.d.ts","sourceRoot":"","sources":["../src/imageUtil.ts"],"names":[],"mappings":"AAGA,eAAO,MAAM,OAAO,YAAY,CAAC;AACjC,eAAO,MAAM,aAAa,qBAAqB,CAAC;AAChD,eAAO,MAAM,YAAY,oBAAoB,CAAC;AAC9C,eAAO,MAAM,QAAQ,aAAa,CAAC;AAEnC,eAAO,MAAM,wBAAwB,EAAE,SAAS,MAAM,EAA2C,CAAC;AAClG,eAAO,MAAM,kBAAkB,EAAE,SAAS,MAAM,EAK/C,CAAC;AAoBF;;;;GAIG;AACH,wBAAgB,eAAe,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAgBzD;AAED;;;;;GAKG;AACH,wBAAgB,gBAAgB,CAAC,QAAQ,EAAE,MAAM,GAAG,MAAM,GAAG,SAAS,CA8DrE"}
|
package/imageUtil.js
CHANGED
@@ -57,9 +57,9 @@ export function isValidImageURL(imageUrl) {
|
|
57
57
|
export function sanitizeImageURL(imageUrl) {
|
58
58
|
try {
|
59
59
|
const url = new URL(imageUrl);
|
60
|
-
// nothing to sanitize
|
61
|
-
if (url.protocol.startsWith('http')) {
|
62
|
-
return
|
60
|
+
// nothing to sanitize
|
61
|
+
if (url.protocol.startsWith('http') || url.protocol.startsWith('blob')) {
|
62
|
+
return imageUrl;
|
63
63
|
}
|
64
64
|
const [mediaType, data] = url.pathname.split(',');
|
65
65
|
const [mimetype] = mediaType.split(';');
|
@@ -68,14 +68,41 @@ export function sanitizeImageURL(imageUrl) {
|
|
68
68
|
return imageUrl;
|
69
69
|
}
|
70
70
|
const base64 = mediaType.split(';').at(-1) === 'base64';
|
71
|
+
let svgData;
|
72
|
+
// don't do this on base64 content! `=` => `%3D`!
|
73
|
+
if (!base64) {
|
74
|
+
/**
|
75
|
+
* In data url land there are characters that need to be encoded that
|
76
|
+
* a user may have passed in like hex-code colors that will break
|
77
|
+
* the image without giving any relevant messages.
|
78
|
+
*
|
79
|
+
* - `#` and '?' are special separators in the path segment of a URL
|
80
|
+
* - a data URL utilizes the path segment for the entirety of its contents
|
81
|
+
* - parsing a data URL with those special characters will break up the data
|
82
|
+
* between path, hash, and query
|
83
|
+
*
|
84
|
+
* URL {
|
85
|
+
* href: 'data:text/text;charset=UTF-8,Hello, how are you? May I borrow your #2 pencil?',
|
86
|
+
* protocol: 'data:',
|
87
|
+
* pathname: 'text/text;charset=UTF-8,Hello, how are you',
|
88
|
+
* search: '?%20May%20I%20borrow%20your%20',
|
89
|
+
* hash: '#2%20pencil?'
|
90
|
+
* }
|
91
|
+
*/
|
92
|
+
// get the data from the original string since URL() may have messed things up
|
93
|
+
svgData = imageUrl.slice(imageUrl.indexOf(',') + 1);
|
94
|
+
}
|
95
|
+
else {
|
96
|
+
svgData = atob(data);
|
97
|
+
}
|
71
98
|
// extract SVG
|
72
|
-
const svg = decodeURIComponent(
|
99
|
+
const svg = decodeURIComponent(svgData);
|
73
100
|
// sanitize
|
74
101
|
const safeSvg = sanitizeSvg(svg);
|
75
102
|
if (safeSvg === undefined) {
|
76
103
|
return undefined;
|
77
104
|
}
|
78
|
-
//
|
105
|
+
// URI encode if we're not base64 encoding to ensure the img tag doesn't choke on `#` and `?` characters
|
79
106
|
const safeData = base64 ? btoa(safeSvg) : encodeURIComponent(safeSvg);
|
80
107
|
return `data:${mediaType},${safeData}`;
|
81
108
|
}
|
package/package.json
CHANGED
@@ -1,6 +1,6 @@
|
|
1
1
|
{
|
2
2
|
"name": "@devvit/shared-types",
|
3
|
-
"version": "0.10.23-next-2024-06-11-
|
3
|
+
"version": "0.10.23-next-2024-06-11-a1863df2d.0",
|
4
4
|
"license": "BSD-3-Clause",
|
5
5
|
"repository": {
|
6
6
|
"type": "git",
|
@@ -23,12 +23,12 @@
|
|
23
23
|
},
|
24
24
|
"types": "./index.d.ts",
|
25
25
|
"dependencies": {
|
26
|
-
"@devvit/protos": "0.10.23-next-2024-06-11-
|
26
|
+
"@devvit/protos": "0.10.23-next-2024-06-11-a1863df2d.0"
|
27
27
|
},
|
28
28
|
"devDependencies": {
|
29
29
|
"@devvit/eslint-config": "0.10.22",
|
30
30
|
"@devvit/repo-tools": "0.10.22",
|
31
|
-
"@devvit/tsconfig": "0.10.23-next-2024-06-11-
|
31
|
+
"@devvit/tsconfig": "0.10.23-next-2024-06-11-a1863df2d.0",
|
32
32
|
"@types/redis-mock": "0.17.1",
|
33
33
|
"eslint": "8.9.0",
|
34
34
|
"lit": "2.2.8",
|
@@ -41,5 +41,5 @@
|
|
41
41
|
"directory": "dist"
|
42
42
|
},
|
43
43
|
"source": "./src/index.ts",
|
44
|
-
"gitHead": "
|
44
|
+
"gitHead": "e6fc1cf72a27729540706a5f45ff5cbaab3b0a28"
|
45
45
|
}
|