@ecency/render-helper 2.2.12 → 2.2.16

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@ecency/render-helper",
-  "version": "2.2.12",
+  "version": "2.2.16",
   "description": "Markdown+Html Render helper",
   "main": "lib/index.js",
   "types": "lib/index.d.ts",

package/src/consts/index.ts

@@ -1,4 +1,5 @@
 export * from './white-list.const'
+export * from './section-list.const'
 export * from './regexes.const'
 export * from './allowed-attributes.const'
 export * from './dom-parser.const'

package/src/consts/regexes.const.ts

@@ -8,7 +8,7 @@ export const MENTION_REGEX = /^https?:\/\/(.*)\/(@[\w.\d-]+)$/i
 export const TOPIC_REGEX = /^https?:\/\/(.*)\/(trending|hot|created|promoted|muted|payout)\/(.*)$/i
 export const INTERNAL_MENTION_REGEX = /^\/@[\w.\d-]+$/i
 export const INTERNAL_TOPIC_REGEX = /^\/(trending|hot|created|promoted|muted|payout)\/(.*)$/i
-export const INTERNAL_POST_TAG_REGEX = /\/(.*)\/(@[\w.\d-]+)\/(.*)/i
+export const INTERNAL_POST_TAG_REGEX = /(.*)\/(@[\w.\d-]+)\/(.*)/i
 export const INTERNAL_POST_REGEX = /^\/(@[\w.\d-]+)\/(.*)$/i
 export const CUSTOM_COMMUNITY_REGEX = /^https?:\/\/(.*)\/c\/(hive-\d+)(.*)/i
 export const YOUTUBE_REGEX = /(?:youtube.com\/(?:[^\/]+\/.+\/|(?:v|e(?:mbed)?)\/|.*[?&]v=)|youtu.be\/)([^"&?\/\s]{11})/g
@@ -39,3 +39,4 @@ export const BRAND_NEW_TUBE_REGEX = /^https:\/\/brandnewtube\.com\/embed\/[a-z0-
 export const LOOM_REGEX = /^(https?:)?\/\/www.loom.com\/share\/(.*)/i
 export const LOOM_EMBED_REGEX = /^(https?:)?\/\/www.loom.com\/embed\/(.*)/i
 export const AUREAL_EMBED_REGEX = /^(https?:\/\/)?(www\.)?(?:aureal-embed)\.web\.app\/([0-9]+)/i
+export const ENTITY_REGEX = /&([a-z0-9]+|#[0-9]{1,6}|#x[0-9a-fA-F]{1,6});/ig;

package/src/consts/section-list.const.ts

@@ -0,0 +1,15 @@
+export const SECTION_LIST = [
+  'wallet',
+  'feed',
+  'followers',
+  'following',
+  'points',
+  'communities',
+  'posts',
+  'blog',
+  'comments',
+  'replies',
+  'settings',
+  'engine',
+  'permissions'
+]

package/src/markdown-2-html.spec.ts

@@ -99,6 +99,30 @@ describe('Markdown2Html', () => {
       expect(markdown2Html(input)).toBe(expected)
     })
 
+    it('7.1- Should handle raw d.tube videos without thumbnail', () => {
+      const input = {
+        author: 'foo37.1',
+        permlink: 'bar37.1',
+        last_update: '2020-05-10T09:15:21',
+        body: 'https://d.tube/#!/v/techcoderx/QmVdEYicJwiTxSk2U9ER1Yc8Rumb1Nek4KynqAYGyQs7ga'
+      }
+      const expected = '<p><a class="markdown-video-link markdown-video-link-dtube" data-embed-src="https://emb.d.tube/#!/techcoderx/QmVdEYicJwiTxSk2U9ER1Yc8Rumb1Nek4KynqAYGyQs7ga"><span class="markdown-video-play"></span></a></p>'
+
+      expect(markdown2Html(input)).toBe(expected)
+    })
+
+    it('7.2- Should handle raw d.tube videos different format', () => {
+      const input = {
+        author: 'foo37.2',
+        permlink: 'bar37.2',
+        last_update: '2020-05-10T09:15:21',
+        body: 'https://d.tube/v/techcoderx/QmVdEYicJwiTxSk2U9ER1Yc8Rumb1Nek4KynqAYGyQs7ga'
+      }
+      const expected = '<p><a class="markdown-video-link markdown-video-link-dtube" data-embed-src="https://emb.d.tube/#!/techcoderx/QmVdEYicJwiTxSk2U9ER1Yc8Rumb1Nek4KynqAYGyQs7ga"><span class="markdown-video-play"></span></a></p>'
+
+      expect(markdown2Html(input)).toBe(expected)
+    })
+
     it('9- Should handle witnesses links', () => {
       const input = {
         author: 'foo39',
@@ -142,7 +166,7 @@ describe('Markdown2Html', () => {
         last_update: '2019-05-10T09:15:21',
         body: '<iframe width="560" height="315" src="https://www.youtube.com/embed/I3f9ixg59no?foo=bar&baz=000" frameborder="0" allow="accelerometer; autoplay; encrypted-media; gyroscope; picture-in-picture" allowfullscreen></iframe>'
       }
-      const expected = '<iframe src=\"https://www.youtube.com/embed/I3f9ixg59no\" allowfullscreen=\"allowfullscreen\"></iframe>'
+      const expected = '<iframe src=\"https://www.youtube.com/embed/I3f9ixg59no\" frameborder=\"0\" allowfullscreen=\"allowfullscreen\"></iframe>'
 
       expect(markdown2Html(input)).toBe(expected)
     })
@@ -620,7 +644,7 @@ describe('Markdown2Html', () => {
       expect(markdown2Html(input)).toBe(expected)
     })
 
-    it('43- Should handle dtube iframe', () => {
+    it('43 - Should handle dtube iframe', () => {
       const input = {
         author: 'foo343',
         permlink: 'bar343',
@@ -632,7 +656,7 @@ describe('Markdown2Html', () => {
       expect(markdown2Html(input)).toBe(expected)
     })
 
-    it('44- Should handle vimm iframe', () => {
+    it('44 - Should handle vimm iframe', () => {
       const input = {
         author: 'foo344',
         permlink: 'bar344',
@@ -656,7 +680,7 @@ describe('Markdown2Html', () => {
       expect(markdown2Html(input)).toBe(expected)
     })
 
-    it('46- Should handle copied md links', () => {
+    it('46 - Should handle copied md links', () => {
       const input = {
         author: 'foo346',
         permlink: 'bar346',
@@ -668,7 +692,7 @@ describe('Markdown2Html', () => {
       expect(markdown2Html(input)).toBe(expected)
     })
 
-    it('47- Should handle internal links', () => {
+    it('47 - Should handle internal links', () => {
       const input = {
         author: 'foo347',
         permlink: 'bar347',
@@ -878,10 +902,10 @@ describe('Markdown2Html', () => {
       expect(markdown2Html(input, false)).toBe(expected)
     })
 
-    it('65- Should handle youtube.com/embed videos', () => {
+    it('65 - Should handle youtube.com/embed videos', () => {
       const input = {
-        author: 'foo329',
-        permlink: 'bar329',
+        author: 'foo365',
+        permlink: 'bar365',
         last_update: '2019-05-10T09:15:21',
         body: 'https://www.youtube.com/embed/UuyS7YAkECA?start=295&autoplay=1'
       }
@@ -889,6 +913,30 @@ describe('Markdown2Html', () => {
 
       expect(markdown2Html(input)).toBe(expected)
     })
+
+    it('66 - Should handle internal links with params', () => {
+      const input = {
+        author: 'foo366',
+        permlink: 'bar366',
+        last_update: '2019-05-10T09:15:21',
+        body: 'direct link https://ecency.com/@ecency/faq?history'
+      }
+      const expected = '<p>direct link <a class=\"markdown-post-link\" data-tag=\"post\" data-author=\"ecency\" data-permlink=\"faq?history\">@ecency/faq?history</a></p>'
+
+      expect(markdown2Html(input)).toBe(expected)
+    })
+
+    it('67 - Should handle section links with params', () => {
+      const input = {
+        author: 'foo367',
+        permlink: 'bar367',
+        last_update: '2019-05-10T09:15:21',
+        body: 'direct link https://ecency.com/@ecency/posts?q=games'
+      }
+      const expected = '<p>direct link <a href=\"https://ecency.com/@ecency/posts?q=games\" class=\"markdown-profile-link\">@ecency/posts?q=games</a></p>'
+
+      expect(markdown2Html(input)).toBe(expected)
+    })
   })
 
   describe("Rumble support", () => {

package/src/methods/a.method.ts

@@ -23,7 +23,8 @@ import {
   RUMBLE_REGEX,
   BRIGHTEON_REGEX,
   DOMParser,
-  LOOM_REGEX
+  LOOM_REGEX,
+  SECTION_LIST
 } from '../consts'
 import { getSerializedInnerHTML } from './get-inner-html.method'
 import { proxifyImageSrc } from '../proxify-image-src'
@@ -139,9 +140,10 @@ export function a(el: HTMLElement, forApp: boolean, webp: boolean): void {
   // If a tagged post and profile section links
   const tpostMatch = href.match(INTERNAL_POST_TAG_REGEX)
   if (
-    (tpostMatch && WHITE_LIST.includes(tpostMatch[1].substring(1))) || (tpostMatch && tpostMatch.length === 4 && tpostMatch[1].indexOf('/') !== 0)
+    (tpostMatch && tpostMatch.length === 4 && WHITE_LIST.some(v => tpostMatch[1].includes(v))) || (tpostMatch && tpostMatch.length === 4 && tpostMatch[1].indexOf('/') == 0)
   ) {
-    if (['wallet', 'feed', 'followers', 'following', 'points', 'communities', 'posts', 'blog', 'comments', 'replies', 'settings', 'engine'].includes(tpostMatch[3])) {
+    // check if permlink is section or section with params ?q=xyz
+    if (SECTION_LIST.some(v => tpostMatch[3].includes(v))) {
       el.setAttribute('class', 'markdown-profile-link')
       const author = tpostMatch[2].replace('@', '').toLowerCase()
       const section = tpostMatch[3]
@@ -158,13 +160,18 @@ export function a(el: HTMLElement, forApp: boolean, webp: boolean): void {
       }
       return
     } else {
-      el.setAttribute('class', 'markdown-post-link')
-
+      // check if domain is not whitelist and does contain dot (not tag e.g. `/ecency`)
+      if (tpostMatch[1] && tpostMatch[1].includes('.') && !WHITE_LIST.some(v => tpostMatch[1].includes(v))) {
+        return
+      }
       let tag = 'post'
-      if (!WHITE_LIST.includes(tpostMatch[1].substring(1))) {
+      // check if tag does exist and doesn't include dot likely word/tag
+      if (tpostMatch[1] && !tpostMatch[1].includes('.')) {
         [, tag] = tpostMatch
+        tag = tag.replace('/', '')
       }
 
+      el.setAttribute('class', 'markdown-post-link')
       const author = tpostMatch[2].replace('@', '')
       const permlink = tpostMatch[3]
       if (el.textContent === href) {
@@ -210,7 +217,7 @@ export function a(el: HTMLElement, forApp: boolean, webp: boolean): void {
   if (
     (cpostMatch && cpostMatch.length === 3 && cpostMatch[1].indexOf('@') === 0)
   ) {
-    if (['wallet', 'feed', 'followers', 'following', 'points', 'communities', 'posts', 'blog', 'comments', 'replies', 'settings', 'engine'].includes(cpostMatch[2])) {
+    if (SECTION_LIST.some(v => cpostMatch[2].includes(v))) {
       el.setAttribute('class', 'markdown-profile-link')
       const author = cpostMatch[1].replace('@', '').toLowerCase()
       const section = cpostMatch[2]
@@ -539,37 +546,46 @@ export function a(el: HTMLElement, forApp: boolean, webp: boolean): void {
   // If a d.tube video
   match = href.match(D_TUBE_REGEX)
   if (match) {
-    // Only d.tube links contains an image
-    const imgEls = el.getElementsByTagName('img')
 
-    if (imgEls.length === 1) {
+     // Only d.tube links contains an image
+     const imgEls = el.getElementsByTagName('img')
+
+     if (imgEls.length === 1 || el.textContent.trim() === href) {
       const e = D_TUBE_REGEX.exec(href)
       // e[2] = username, e[3] object id
       if (e[2] && e[3]) {
         el.setAttribute('class', 'markdown-video-link markdown-video-link-dtube')
         el.removeAttribute('href')
+   
 
-        const thumbnail = proxifyImageSrc(imgEls[0].getAttribute('src').replace(/\s+/g, ''), 0, 0, webp ? 'webp' : 'match')
         const videoHref = `https://emb.d.tube/#!/${e[2]}/${e[3]}`
 
         // el.setAttribute('data-video-href', videoHref)
         el.setAttribute('data-embed-src', videoHref)
 
-        const thumbImg = el.ownerDocument.createElement('img')
-        thumbImg.setAttribute('class', 'no-replace video-thumbnail')
-        thumbImg.setAttribute('itemprop', 'thumbnailUrl')
-        
-        thumbImg.setAttribute('src', thumbnail)
+        //process thumb img element 
+        if (imgEls.length === 1) {
+          const thumbnail = proxifyImageSrc(imgEls[0].getAttribute('src').replace(/\s+/g, ''), 0, 0, webp ? 'webp' : 'match') 
+          const thumbImg = el.ownerDocument.createElement('img')
+
+          thumbImg.setAttribute('class', 'no-replace video-thumbnail')
+          thumbImg.setAttribute('itemprop', 'thumbnailUrl')
+            
+          thumbImg.setAttribute('src', thumbnail)
+          el.appendChild(thumbImg)
+
+          // Remove image.
+          el.removeChild(imgEls[0])
+        } else {
+            el.textContent = '';
+        }
 
         const play = el.ownerDocument.createElement('span')
         play.setAttribute('class', 'markdown-video-play')
 
-        el.appendChild(thumbImg)
+  
         el.appendChild(play)
 
-        // Remove image.
-        el.removeChild(imgEls[0])
-
         return
       }
     }
@@ -581,6 +597,7 @@ export function a(el: HTMLElement, forApp: boolean, webp: boolean): void {
     if (e[2] && e[3]) {
       el.setAttribute('class', 'markdown-video-link markdown-video-link-dtube')
       el.removeAttribute('href')
+      el.textContent = '';
 
       const videoHref = `https://emb.d.tube/#!/${e[2]}/${e[3]}`
 
@@ -590,6 +607,7 @@ export function a(el: HTMLElement, forApp: boolean, webp: boolean): void {
       play.setAttribute('class', 'markdown-video-play')
 
       el.appendChild(play)
+ 
 
       return
     }

package/src/methods/clean-reply.method.ts

@@ -18,8 +18,8 @@ export function cleanReply(s: string): string {
     .filter(item => item.toLowerCase().includes('read this post on travelfeed.io for the best experience') === false)
     .filter(item => item.toLowerCase().includes('posted via <a href="https://www.dporn.co/"') === false)
     .filter(item => item.toLowerCase().includes('▶️ [watch on 3speak](https://3speak') === false)
-    .filter(item => item.toLowerCase().includes('<sup><sub>Posted via [inji.com]') === false)
-    .filter(item => item.toLowerCase().includes('view this post on [Liketu]') === false)
+    .filter(item => item.toLowerCase().includes('<sup><sub>posted via [inji.com]') === false)
+    .filter(item => item.toLowerCase().includes('view this post on [liketu]') === false)
     .join('\n') : '')
     .replace('Posted via <a href="https://d.buzz" data-link="promote-link">D.Buzz</a>', '')
     .replace('<div class="pull-right"><a href="/@hive.engage">![](https://i.imgur.com/XsrNmcl.png)</a></div>', '')

package/src/methods/linkify.method.ts

@@ -1,4 +1,4 @@
-import { IMG_REGEX } from '../consts'
+import { IMG_REGEX, SECTION_LIST } from '../consts'
 import { proxifyImageSrc } from '../proxify-image-src'
 
 export function linkify(content: string, forApp: boolean, webp: boolean): string {
@@ -34,7 +34,7 @@ export function linkify(content: string, forApp: boolean, webp: boolean): string
     /((^|\s)(\/|)@[\w.\d-]+)\/(\S+)/gi, (match, u, p1, p2, p3) => {
       const uu = u.trim().toLowerCase().replace('/@','').replace('@','');
       const perm = p3;
-      if (['wallet', 'feed', 'followers', 'following', 'points', 'communities', 'posts', 'blog', 'comments', 'replies', 'settings', 'engine'].includes(p3)) {
+      if (SECTION_LIST.some(v => p3.includes(v))) {
         const attrs = forApp ? `https://ecency.com/@${uu}/${perm}` : `href="/@${uu}/${perm}"`
         return ` <a class="markdown-profile-link" ${attrs}>@${uu}/${perm}</a>`
       } else {

package/src/methods/markdown-to-html.method.ts

@@ -1,6 +1,6 @@
 import { traverse } from './traverse.method'
 import { sanitizeHtml } from './sanitize-html.method'
-import { DOMParser } from '../consts'
+import { DOMParser, ENTITY_REGEX } from '../consts'
 import xmldom from 'xmldom'
 
 const lolight = require('lolight')
@@ -47,7 +47,7 @@ export function markdownToHTML(input: string, forApp: boolean, webp: boolean): s
   let output = '';
 
   //encrypt entities
-  const entities = input.match(/&(.*?);/g);
+  const entities = input.match(ENTITY_REGEX);
   const encEntities:string[] = [];
 
   try{

package/src/post-body-summary.ts

@@ -3,6 +3,8 @@ import { makeEntryCacheKey } from './helper'
 import { cacheGet, cacheSet } from './cache'
 import { Entry } from './types'
 import { cleanReply } from './methods'
+import { ENTITY_REGEX } from './consts'
+
 
 const { Remarkable } = require('remarkable')
 const { linkify } = require('remarkable/linkify')
@@ -58,7 +60,7 @@ function postBodySummary(entryBody: string, length?: number, platform:'ios'|'and
   ]);
 
   //encrypt entities
-  const entities = entryBody.match(/&(.*?);/g);
+  const entities = entryBody.match(ENTITY_REGEX);
   const encEntities:string[] = [];
   if(entities && platform !== 'web'){
     entities.forEach((entity)=>{

package/src/test/data/legacy/23.json

@@ -1,5 +1,5 @@
 {
   "id": 23,
   "input": "<IMG SRC=/ onerror=\"alert(String.fromCharCode(88,83,83))\"></img> <img src=x onerror=\"&#0000106&#0000097&#0000118&#0000097&#0000115&#0000099&#0000114&#0000105&#0000112&#0000116&#0000058&#0000097&#0000108&#0000101&#0000114&#0000116&#0000040&#0000039&#0000088&#0000083&#0000083&#0000039&#0000041\"> <IMG SRC=&#106;&#97;&#118;&#97;&#115;&#99;&#114;&#105;&#112;&#116;&#58;&#97;&#108;&#101;&#114;&#116;&#40;&#39;&#88;&#83;&#83;&#39;&#41;> <IMG SRC=&#x6A&#x61&#x76&#x61&#x73&#x63&#x72&#x69&#x70&#x74&#x3A&#x61&#x6C&#x65&#x72&#x74&#x28&#x27&#x58&#x53&#x53&#x27&#x29> <IMG SRC=\" &#14;  javascript:alert('XSS');\">",
-  "result": "<p>&lt;IMG SRC=/ onerror=\"alert(String.fromCharCode(88,83,83))\"&gt; <img src=\"https://images.ecency.com/p/35.png?format=match&amp;mode=fit\"> <img> <img> <img /></p>"
+  "result": "<p>&lt;IMG SRC=/ onerror=\"alert(String.fromCharCode(88,83,83))\"&gt; <img src=\"https://images.ecency.com/p/35.png?format=match&amp;mode=fit\" /> &lt;IMG SRC=&#106;&#97;&#118;&#97;&#115;&#99;&#114;&#105;&#112;&#116;&#58;&#97;&#108;&#101;&#114;&#116;&#40;&#39;&#88;&#83;&#83;&#39;&#41;&gt; <img /> <img /></p>"
 }

package/src/test/data/legacy/27.JSON

@@ -1,5 +1,5 @@
 {
   "id": 27,
   "input": "<BR SIZE=\"&{alert('XSS')}\"> <LINK REL=\"stylesheet\" HREF=\"javascript:alert('XSS');\"> <STYLE>body{}</STYLE> <META HTTP-EQUIV=\"Link\" Content=\"<http://xss.rocks/xss.css>; REL=stylesheet\"> <IFRAME SRC=\"javascript:alert('XSS');\"></IFRAME> foo <IFRAME SRC=# onmouseover=\"alert(document.cookie)\"></IFRAME> bar <FRAMESET><FRAME SRC=\"javascript:alert('XSS');\"></FRAMESET> baz ",
-  "result": "<p><br>     foo  bar  baz\n</p>"
+  "result": "<p><br />     foo  bar  baz\n</p>"
 }