@ecency/render-helper 2.2.8 → 2.2.9

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (9) hide show
  1. package/lib/methods/markdown-to-html.method.js +22 -1
  2. package/lib/methods/markdown-to-html.method.js.map +1 -1
  3. package/lib/render-helper.js +1 -1
  4. package/package.json +1 -1
  5. package/src/markdown-2-html.spec.ts +1 -1
  6. package/src/methods/markdown-to-html.method.ts +24 -1
  7. package/src/test/data/legacy/22.json +1 -1
  8. package/src/test/data/legacy/23.json +1 -1
  9. package/src/test/data/legacy/27.JSON +1 -1
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@ecency/render-helper",
3
- "version": "2.2.8",
3
+ "version": "2.2.9",
4
4
  "description": "Markdown+Html Render helper",
5
5
  "main": "lib/index.js",
6
6
  "types": "lib/index.d.ts",
package/src/markdown-2-html.spec.ts CHANGED
@@ -142,7 +142,7 @@ describe('Markdown2Html', () => {
142
142
  last_update: '2019-05-10T09:15:21',
143
143
  body: '<iframe width="560" height="315" src="https://www.youtube.com/embed/I3f9ixg59no?foo=bar&baz=000" frameborder="0" allow="accelerometer; autoplay; encrypted-media; gyroscope; picture-in-picture" allowfullscreen></iframe>'
144
144
  }
145
- const expected = '<iframe src="https://www.youtube.com/embed/I3f9ixg59no" frameborder="0" allowfullscreen="allowfullscreen"></iframe>'
145
+ const expected = '<iframe src=\"https://www.youtube.com/embed/I3f9ixg59no\" allowfullscreen=\"allowfullscreen\"></iframe>'
146
146
 
147
147
  expect(markdown2Html(input)).toBe(expected)
148
148
  })
package/src/methods/markdown-to-html.method.ts CHANGED
@@ -44,7 +44,20 @@ export function markdownToHTML(input: string, forApp: boolean, webp: boolean): s
44
44
  return ''
45
45
  }
46
46
 
47
- let output
47
+ let output = '';
48
+
49
+ //encrypt entities
50
+ const entities = input.match(/&(.*?);/g);
51
+ const encEntities:string[] = [];
52
+ if(entities && forApp){
53
+ entities.forEach((entity)=>{
54
+ const CryptoJS = require("react-native-crypto-js");
55
+ const encData = CryptoJS.AES.encrypt(entity, 'key').toString();
56
+ const encyptedEntity = CryptoJS.enc.Base64.stringify(CryptoJS.enc.Utf8.parse(encData));
57
+ encEntities.push(encyptedEntity);
58
+ input = input.replace(entity, encyptedEntity);
59
+ })
60
+ }
48
61
 
49
62
  try {
50
63
  output = md.render(input)
@@ -57,6 +70,16 @@ export function markdownToHTML(input: string, forApp: boolean, webp: boolean): s
57
70
  output = ''
58
71
  }
59
72
 
73
+ //decrypt and put back entiteis
74
+ if(forApp && output){
75
+ encEntities.forEach((encEntity)=>{
76
+ const CryptoJS = require("react-native-crypto-js");
77
+ const decData = CryptoJS.enc.Base64.parse(encEntity).toString(CryptoJS.enc.Utf8);
78
+ const entity = CryptoJS.AES.decrypt(decData, 'key').toString(CryptoJS.enc.Utf8);
79
+ output = output.replace(encEntity, entity);
80
+ })
81
+ }
82
+
60
83
  output = output.replace(/ xmlns="http:\/\/www.w3.org\/1999\/xhtml"/g, '')
61
84
  .replace('<body id="root">', '')
62
85
  .replace('</body>', '')
package/src/test/data/legacy/22.json CHANGED
@@ -1,5 +1,5 @@
1
1
  {
2
2
  "id": 22,
3
3
  "input": "<IMG SRC=JaVaScRiPt:alert('XSS')> <IMG SRC=javascript:alert(&quot;XSS&quot;)>\n<IMG SRC=`javascript:alert(\"RSnake says, 'XSS'\")`>\n<a onmouseover=\"alert(document.cookie)\">xxs link</a><a onmouseover=alert(document.cookie)>xxs link</a>\n<IMG \"\"\"><SCRIPT>alert(\"XSS\")</SCRIPT>\"><IMG SRC=javascript:alert(String.fromCharCode(88,83,83))>\n <IMG SRC= onmouseover=\"alert('xxs')\">",
4
- "result": "<p>&lt;IMG SRC=JaVaScRiPt:alert('XSS')&gt; <img /><br />\n&lt;IMG SRC=<code>javascript:alert(\"RSnake says, 'XSS'\")</code>&gt;<br />\n<a>xxs link</a><a>xxs link</a><br />\n&lt;IMG \"\"\"&gt;alert(&quot;XSS&quot;)\"&gt;<img /><br />\n&lt;IMG SRC= onmouseover=\"alert('xxs')\"&gt;</p>"
4
+ "result": "<p>&lt;IMG SRC=JaVaScRiPt:alert('XSS')&gt; &lt;IMG SRC=javascript:alert(&quot;XSS&quot;)&gt;<br />\n&lt;IMG SRC=<code>javascript:alert(\"RSnake says, 'XSS'\")</code>&gt;<br />\n<a>xxs link</a><a>xxs link</a><br />\n&lt;IMG \"\"\"&gt;alert(&quot;XSS&quot;)\"&gt;<img /><br />\n&lt;IMG SRC= onmouseover=\"alert('xxs')\"&gt;</p>"
5
5
  }
package/src/test/data/legacy/23.json CHANGED
@@ -1,5 +1,5 @@
1
1
  {
2
2
  "id": 23,
3
3
  "input": "<IMG SRC=/ onerror=\"alert(String.fromCharCode(88,83,83))\"></img> <img src=x onerror=\"&#0000106&#0000097&#0000118&#0000097&#0000115&#0000099&#0000114&#0000105&#0000112&#0000116&#0000058&#0000097&#0000108&#0000101&#0000114&#0000116&#0000040&#0000039&#0000088&#0000083&#0000083&#0000039&#0000041\"> <IMG SRC=&#106;&#97;&#118;&#97;&#115;&#99;&#114;&#105;&#112;&#116;&#58;&#97;&#108;&#101;&#114;&#116;&#40;&#39;&#88;&#83;&#83;&#39;&#41;> <IMG SRC=&#x6A&#x61&#x76&#x61&#x73&#x63&#x72&#x69&#x70&#x74&#x3A&#x61&#x6C&#x65&#x72&#x74&#x28&#x27&#x58&#x53&#x53&#x27&#x29> <IMG SRC=\" &#14; javascript:alert('XSS');\">",
4
- "result": "<p>&lt;IMG SRC=/ onerror=\"alert(String.fromCharCode(88,83,83))\"&gt; <img src=\"https://images.ecency.com/p/35.png?format=match&amp;mode=fit\" /> <img /> <img /> <img /></p>"
4
+ "result": "<p>&lt;IMG SRC=/ onerror=\"alert(String.fromCharCode(88,83,83))\"&gt; <img src=\"https://images.ecency.com/p/35.png?format=match&amp;mode=fit\"> <img> <img> <img /></p>"
5
5
  }
package/src/test/data/legacy/27.JSON CHANGED
@@ -1,5 +1,5 @@
1
1
  {
2
2
  "id": 27,
3
3
  "input": "<BR SIZE=\"&{alert('XSS')}\"> <LINK REL=\"stylesheet\" HREF=\"javascript:alert('XSS');\"> <STYLE>body{}</STYLE> <META HTTP-EQUIV=\"Link\" Content=\"<http://xss.rocks/xss.css>; REL=stylesheet\"> <IFRAME SRC=\"javascript:alert('XSS');\"></IFRAME> foo <IFRAME SRC=# onmouseover=\"alert(document.cookie)\"></IFRAME> bar <FRAMESET><FRAME SRC=\"javascript:alert('XSS');\"></FRAMESET> baz ",
4
- "result": "<p><br /> foo bar baz\n</p>"
4
+ "result": "<p><br> foo bar baz\n</p>"
5
5
  }