@devvit/shared-types 0.10.23-next-2024-06-13-8531b9c24.0 → 0.10.23-next-2024-06-14-64b9d0537.0
Sign up to get free protection for your applications and to get access to all the features.
- package/imageUtil.d.ts.map +1 -1
- package/imageUtil.js +6 -29
- package/package.json +4 -4
package/imageUtil.d.ts.map
CHANGED
@@ -1 +1 @@
|
|
1
|
-
{"version":3,"file":"imageUtil.d.ts","sourceRoot":"","sources":["../src/imageUtil.ts"],"names":[],"mappings":"AAGA,eAAO,MAAM,OAAO,YAAY,CAAC;AACjC,eAAO,MAAM,aAAa,qBAAqB,CAAC;AAChD,eAAO,MAAM,YAAY,oBAAoB,CAAC;AAC9C,eAAO,MAAM,QAAQ,aAAa,CAAC;AAEnC,eAAO,MAAM,wBAAwB,EAAE,SAAS,MAAM,EAA2C,CAAC;AAClG,eAAO,MAAM,kBAAkB,EAAE,SAAS,MAAM,EAK/C,CAAC;AAoBF;;;;GAIG;AACH,wBAAgB,eAAe,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAgBzD;AAED;;;;;GAKG;AACH,wBAAgB,gBAAgB,CAAC,QAAQ,EAAE,MAAM,GAAG,MAAM,GAAG,SAAS,
|
1
|
+
{"version":3,"file":"imageUtil.d.ts","sourceRoot":"","sources":["../src/imageUtil.ts"],"names":[],"mappings":"AAGA,eAAO,MAAM,OAAO,YAAY,CAAC;AACjC,eAAO,MAAM,aAAa,qBAAqB,CAAC;AAChD,eAAO,MAAM,YAAY,oBAAoB,CAAC;AAC9C,eAAO,MAAM,QAAQ,aAAa,CAAC;AAEnC,eAAO,MAAM,wBAAwB,EAAE,SAAS,MAAM,EAA2C,CAAC;AAClG,eAAO,MAAM,kBAAkB,EAAE,SAAS,MAAM,EAK/C,CAAC;AAoBF;;;;GAIG;AACH,wBAAgB,eAAe,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAgBzD;AAED;;;;;GAKG;AACH,wBAAgB,gBAAgB,CAAC,QAAQ,EAAE,MAAM,GAAG,MAAM,GAAG,SAAS,CAsCrE"}
|
package/imageUtil.js
CHANGED
@@ -56,45 +56,22 @@ export function isValidImageURL(imageUrl) {
|
|
56
56
|
*/
|
57
57
|
export function sanitizeImageURL(imageUrl) {
|
58
58
|
try {
|
59
|
-
|
59
|
+
// only parse up until the data segment so we don't waste time parsing it here
|
60
|
+
const dataSeparator = imageUrl.indexOf(',');
|
61
|
+
const url = new URL(dataSeparator > 0 ? imageUrl.slice(0, dataSeparator) : imageUrl);
|
60
62
|
// nothing to sanitize
|
61
63
|
if (url.protocol.startsWith('http') || url.protocol.startsWith('blob')) {
|
62
64
|
return imageUrl;
|
63
65
|
}
|
64
|
-
const
|
66
|
+
const mediaType = url.pathname;
|
65
67
|
const [mimetype] = mediaType.split(';');
|
66
68
|
// can't sanitize binary image data
|
67
69
|
if (mimetype !== MIME_SVG_XML) {
|
68
70
|
return imageUrl;
|
69
71
|
}
|
70
72
|
const base64 = mediaType.split(';').at(-1) === 'base64';
|
71
|
-
|
72
|
-
|
73
|
-
if (!base64) {
|
74
|
-
/**
|
75
|
-
* In data url land there are characters that need to be encoded that
|
76
|
-
* a user may have passed in like hex-code colors that will break
|
77
|
-
* the image without giving any relevant messages.
|
78
|
-
*
|
79
|
-
* - `#` and '?' are special separators in the path segment of a URL
|
80
|
-
* - a data URL utilizes the path segment for the entirety of its contents
|
81
|
-
* - parsing a data URL with those special characters will break up the data
|
82
|
-
* between path, hash, and query
|
83
|
-
*
|
84
|
-
* URL {
|
85
|
-
* href: 'data:text/text;charset=UTF-8,Hello, how are you? May I borrow your #2 pencil?',
|
86
|
-
* protocol: 'data:',
|
87
|
-
* pathname: 'text/text;charset=UTF-8,Hello, how are you',
|
88
|
-
* search: '?%20May%20I%20borrow%20your%20',
|
89
|
-
* hash: '#2%20pencil?'
|
90
|
-
* }
|
91
|
-
*/
|
92
|
-
// get the data from the original string since URL() may have messed things up
|
93
|
-
svgData = imageUrl.slice(imageUrl.indexOf(',') + 1);
|
94
|
-
}
|
95
|
-
else {
|
96
|
-
svgData = atob(data);
|
97
|
-
}
|
73
|
+
const data = imageUrl.slice(dataSeparator + 1);
|
74
|
+
const svgData = base64 ? atob(data) : data;
|
98
75
|
// extract SVG
|
99
76
|
const svg = decodeURIComponent(svgData);
|
100
77
|
// sanitize
|
package/package.json
CHANGED
@@ -1,6 +1,6 @@
|
|
1
1
|
{
|
2
2
|
"name": "@devvit/shared-types",
|
3
|
-
"version": "0.10.23-next-2024-06-
|
3
|
+
"version": "0.10.23-next-2024-06-14-64b9d0537.0",
|
4
4
|
"license": "BSD-3-Clause",
|
5
5
|
"repository": {
|
6
6
|
"type": "git",
|
@@ -23,12 +23,12 @@
|
|
23
23
|
},
|
24
24
|
"types": "./index.d.ts",
|
25
25
|
"dependencies": {
|
26
|
-
"@devvit/protos": "0.10.23-next-2024-06-
|
26
|
+
"@devvit/protos": "0.10.23-next-2024-06-14-64b9d0537.0"
|
27
27
|
},
|
28
28
|
"devDependencies": {
|
29
29
|
"@devvit/eslint-config": "0.10.22",
|
30
30
|
"@devvit/repo-tools": "0.10.22",
|
31
|
-
"@devvit/tsconfig": "0.10.23-next-2024-06-
|
31
|
+
"@devvit/tsconfig": "0.10.23-next-2024-06-14-64b9d0537.0",
|
32
32
|
"@types/redis-mock": "0.17.1",
|
33
33
|
"eslint": "8.9.0",
|
34
34
|
"lit": "2.2.8",
|
@@ -41,5 +41,5 @@
|
|
41
41
|
"directory": "dist"
|
42
42
|
},
|
43
43
|
"source": "./src/index.ts",
|
44
|
-
"gitHead": "
|
44
|
+
"gitHead": "ae94f5560fe125b7b250750b53785d29bdb7e9c7"
|
45
45
|
}
|