npm - @ecency/render-helper - Versions diffs - 2.3.12 → 2.3.13 - Mend

@ecency/render-helper 2.3.12 → 2.3.13

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (11) hide show

package/lib/consts/allowed-attributes.const.js +1 -0
package/lib/consts/allowed-attributes.const.js.map +1 -1
package/lib/methods/sanitize-html.method.js +3 -0
package/lib/methods/sanitize-html.method.js.map +1 -1
package/lib/render-helper.js +1 -1
package/lib/types/xss-white-list.interface.d.ts +1 -0
package/package.json +1 -1
package/src/consts/allowed-attributes.const.ts +1 -0
package/src/methods/sanitize-html.method.ts +4 -0
package/src/sanitize-html.spec.ts +15 -0
package/src/types/xss-white-list.interface.ts +1 -0

package/lib/consts/allowed-attributes.const.js CHANGED Viewed

@@ -34,6 +34,7 @@ exports.ALLOWED_ATTRIBUTES = {
     ],
     'span': ['class', 'id'],
     'iframe': ['src', 'class', 'frameborder', 'allowfullscreen', 'webkitallowfullscreen', 'mozallowfullscreen', 'sandbox'],
+    'video': ['src', 'controls', 'poster'],
     'div': ['class', 'id'],
     'strong': [],
     'b': [],

package/lib/consts/allowed-attributes.const.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"allowed-attributes.const.js","sourceRoot":"","sources":["../../src/consts/allowed-attributes.const.ts"],"names":[],"mappings":";;;AAEa,QAAA,kBAAkB,GAAiB;IAC9C,GAAG,EAAE;QACH,MAAM;QACN,QAAQ;QACR,KAAK;QACL,eAAe;QACf,UAAU;QACV,aAAa;QACb,WAAW;QACX,gBAAgB;QAChB,aAAa;QACb,gBAAgB;QAChB,cAAc;QACd,iBAAiB;QACjB,iBAAiB;QACjB,eAAe;QACf,gBAAgB;QAChB,OAAO;QACP,OAAO;QACP,SAAS;QACT,IAAI;KACL;IACD,KAAK,EAAE;QACL,KAAK;QACL,KAAK;QACL,OAAO;QACP,SAAS;QACT,eAAe;QACf,UAAU;QACV,UAAU;KACX;IACD,MAAM,EAAE,CAAC,OAAO,EAAE,IAAI,CAAC;IACvB,QAAQ,EAAE,CAAC,KAAK,EAAE,OAAO,EAAE,aAAa,EAAE,iBAAiB,EAAE,uBAAuB,EAAE,oBAAoB,EAAE,SAAS,CAAC;IACtH,KAAK,EAAE,CAAC,OAAO,EAAE,IAAI,CAAC;IACtB,QAAQ,EAAE,EAAE;IACZ,GAAG,EAAE,EAAE;IACP,GAAG,EAAE,EAAE;IACP,QAAQ,EAAE,EAAE;IACZ,IAAI,EAAE,EAAE;IACR,MAAM,EAAE,EAAE;IACV,KAAK,EAAE,EAAE;IACT,YAAY,EAAE,CAAC,OAAO,CAAC;IACvB,KAAK,EAAE,EAAE;IACT,KAAK,EAAE,EAAE;IACT,IAAI,EAAE,CAAC,KAAK,EAAE,IAAI,CAAC;IACnB,IAAI,EAAE,CAAC,KAAK,EAAE,IAAI,CAAC;IACnB,IAAI,EAAE,CAAC,KAAK,EAAE,IAAI,CAAC;IACnB,IAAI,EAAE,CAAC,KAAK,EAAE,IAAI,CAAC;IACnB,IAAI,EAAE,CAAC,KAAK,EAAE,IAAI,CAAC;IACnB,IAAI,EAAE,CAAC,KAAK,EAAE,IAAI,CAAC;IACnB,GAAG,EAAE,CAAC,KAAK,EAAE,IAAI,CAAC;IAClB,QAAQ,EAAE,EAAE;IACZ,IAAI,EAAE,EAAE;IACR,IAAI,EAAE,EAAE;IACR,IAAI,EAAE,EAAE;IACR,OAAO,EAAE,EAAE;IACX,OAAO,EAAE,EAAE;IACX,OAAO,EAAE,EAAE;IACX,IAAI,EAAE,EAAE;IACR,IAAI,EAAE,EAAE;IACR,IAAI,EAAE,EAAE;IACR,IAAI,EAAE,EAAE;IACR,IAAI,EAAE,EAAE;IACR,KAAK,EAAE,EAAE;IACT,KAAK,EAAE,EAAE;CACV,CAAA"}
1	+ {"version":3,"file":"allowed-attributes.const.js","sourceRoot":"","sources":["../../src/consts/allowed-attributes.const.ts"],"names":[],"mappings":";;;AAEa,QAAA,kBAAkB,GAAiB;IAC9C,GAAG,EAAE;QACH,MAAM;QACN,QAAQ;QACR,KAAK;QACL,eAAe;QACf,UAAU;QACV,aAAa;QACb,WAAW;QACX,gBAAgB;QAChB,aAAa;QACb,gBAAgB;QAChB,cAAc;QACd,iBAAiB;QACjB,iBAAiB;QACjB,eAAe;QACf,gBAAgB;QAChB,OAAO;QACP,OAAO;QACP,SAAS;QACT,IAAI;KACL;IACD,KAAK,EAAE;QACL,KAAK;QACL,KAAK;QACL,OAAO;QACP,SAAS;QACT,eAAe;QACf,UAAU;QACV,UAAU;KACX;IACD,MAAM,EAAE,CAAC,OAAO,EAAE,IAAI,CAAC;IACvB,QAAQ,EAAE,CAAC,KAAK,EAAE,OAAO,EAAE,aAAa,EAAE,iBAAiB,EAAE,uBAAuB,EAAE,oBAAoB,EAAE,SAAS,CAAC;IACtH,OAAO,EAAE,CAAC,KAAK,EAAE,UAAU,EAAE,QAAQ,CAAC;IACtC,KAAK,EAAE,CAAC,OAAO,EAAE,IAAI,CAAC;IACtB,QAAQ,EAAE,EAAE;IACZ,GAAG,EAAE,EAAE;IACP,GAAG,EAAE,EAAE;IACP,QAAQ,EAAE,EAAE;IACZ,IAAI,EAAE,EAAE;IACR,MAAM,EAAE,EAAE;IACV,KAAK,EAAE,EAAE;IACT,YAAY,EAAE,CAAC,OAAO,CAAC;IACvB,KAAK,EAAE,EAAE;IACT,KAAK,EAAE,EAAE;IACT,IAAI,EAAE,CAAC,KAAK,EAAE,IAAI,CAAC;IACnB,IAAI,EAAE,CAAC,KAAK,EAAE,IAAI,CAAC;IACnB,IAAI,EAAE,CAAC,KAAK,EAAE,IAAI,CAAC;IACnB,IAAI,EAAE,CAAC,KAAK,EAAE,IAAI,CAAC;IACnB,IAAI,EAAE,CAAC,KAAK,EAAE,IAAI,CAAC;IACnB,IAAI,EAAE,CAAC,KAAK,EAAE,IAAI,CAAC;IACnB,GAAG,EAAE,CAAC,KAAK,EAAE,IAAI,CAAC;IAClB,QAAQ,EAAE,EAAE;IACZ,IAAI,EAAE,EAAE;IACR,IAAI,EAAE,EAAE;IACR,IAAI,EAAE,EAAE;IACR,OAAO,EAAE,EAAE;IACX,OAAO,EAAE,EAAE;IACX,OAAO,EAAE,EAAE;IACX,IAAI,EAAE,EAAE;IACR,IAAI,EAAE,EAAE;IACR,IAAI,EAAE,EAAE;IACR,IAAI,EAAE,EAAE;IACR,IAAI,EAAE,EAAE;IACR,KAAK,EAAE,EAAE;IACT,KAAK,EAAE,EAAE;CACV,CAAA"}

package/lib/methods/sanitize-html.method.js CHANGED Viewed

@@ -23,6 +23,9 @@ function sanitizeHtml(html) {
                 return ''; // 🛡 event handlers
             if (tag === 'img' && name === 'src' && (!/^https?:\/\//.test(decoded) || decoded.startsWith('javascript:')))
                 return '';
+            if (tag === 'video' && ['src', 'poster'].includes(name) &&
+                (!/^https?:\/\//.test(decoded) || decoded.startsWith('javascript:')))
+                return '';
             if (tag === 'img' && ['dynsrc', 'lowsrc'].includes(name))
                 return '';
             if (tag === 'span' && name === 'class' && value === 'wr')

package/lib/methods/sanitize-html.method.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"sanitize-html.method.js","sourceRoot":"","sources":["../../src/methods/sanitize-html.method.ts"],"names":[],"mappings":";;;;;;AAAA,4CAAqB;AACrB,oCAA0D;AAE1D,IAAM,cAAc,GAAG,UAAC,KAAa;IACnC,OAAA,KAAK;SACF,OAAO,CAAC,YAAY,EAAE,UAAC,CAAC,EAAE,GAAG,IAAK,OAAA,MAAM,CAAC,YAAY,CAAC,GAAG,CAAC,EAAxB,CAAwB,CAAC;SAC3D,OAAO,CAAC,oBAAoB,EAAE,UAAC,CAAC,EAAE,GAAG,IAAK,OAAA,MAAM,CAAC,YAAY,CAAC,QAAQ,CAAC,GAAG,EAAE,EAAE,CAAC,CAAC,EAAtC,CAAsC,CAAC;AAFpF,CAEoF,CAAC;AAEvF,SAAgB,YAAY,CAAC,IAAY;IACvC,OAAO,IAAA,aAAG,EAAC,IAAI,EAAE;QACf,SAAS,EAAE,2BAAkB;QAC7B,cAAc,EAAE,IAAI;QACpB,kBAAkB,EAAE,CAAC,OAAO,CAAC;QAC7B,GAAG,EAAE,KAAK;QACV,SAAS,EAAE,UAAC,GAAG,EAAE,IAAI,EAAE,KAAK;YAC1B,IAAM,OAAO,GAAG,cAAc,CAAC,KAAK,CAAC,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC,CAAC;YAE3D,IAAI,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC;gBAAE,OAAO,EAAE,CAAC,CAAC,oBAAoB;YAC1D,IAAI,GAAG,KAAK,KAAK,IAAI,IAAI,KAAK,KAAK,IAAI,CAAC,CAAC,cAAc,CAAC,IAAI,CAAC,OAAO,CAAC,IAAI,OAAO,CAAC,UAAU,CAAC,aAAa,CAAC,CAAC;gBAAE,OAAO,EAAE,CAAC;YACvH,IAAI,GAAG,KAAK,KAAK,IAAI,CAAC,QAAQ,EAAE,QAAQ,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAC;gBAAE,OAAO,EAAE,CAAC;YACpE,IAAI,GAAG,KAAK,MAAM,IAAI,IAAI,KAAK,OAAO,IAAI,KAAK,KAAK,IAAI;gBAAE,OAAO,EAAE,CAAC;YACpE,IAAI,IAAI,KAAK,IAAI,EAAE;gBACjB,IAAI,CAAC,qBAAY,CAAC,IAAI,CAAC,OAAO,CAAC;oBAAE,OAAO,EAAE,CAAC;aAC5C;YACD,OAAO,SAAS,CAAC;QACnB,CAAC;KACF,CAAC,CAAC;AACL,CAAC;~~AAnBD~~,~~oCAmBC~~"}
1	+ {"version":3,"file":"sanitize-html.method.js","sourceRoot":"","sources":["../../src/methods/sanitize-html.method.ts"],"names":[],"mappings":";;;;;;AAAA,4CAAqB;AACrB,oCAA0D;AAE1D,IAAM,cAAc,GAAG,UAAC,KAAa;IACnC,OAAA,KAAK;SACF,OAAO,CAAC,YAAY,EAAE,UAAC,CAAC,EAAE,GAAG,IAAK,OAAA,MAAM,CAAC,YAAY,CAAC,GAAG,CAAC,EAAxB,CAAwB,CAAC;SAC3D,OAAO,CAAC,oBAAoB,EAAE,UAAC,CAAC,EAAE,GAAG,IAAK,OAAA,MAAM,CAAC,YAAY,CAAC,QAAQ,CAAC,GAAG,EAAE,EAAE,CAAC,CAAC,EAAtC,CAAsC,CAAC;AAFpF,CAEoF,CAAC;AAEvF,SAAgB,YAAY,CAAC,IAAY;IACvC,OAAO,IAAA,aAAG,EAAC,IAAI,EAAE;QACf,SAAS,EAAE,2BAAkB;QAC7B,cAAc,EAAE,IAAI;QACpB,kBAAkB,EAAE,CAAC,OAAO,CAAC;QAC7B,GAAG,EAAE,KAAK;QACV,SAAS,EAAE,UAAC,GAAG,EAAE,IAAI,EAAE,KAAK;YAC1B,IAAM,OAAO,GAAG,cAAc,CAAC,KAAK,CAAC,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC,CAAC;YAE3D,IAAI,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC;gBAAE,OAAO,EAAE,CAAC,CAAC,oBAAoB;YAC1D,IAAI,GAAG,KAAK,KAAK,IAAI,IAAI,KAAK,KAAK,IAAI,CAAC,CAAC,cAAc,CAAC,IAAI,CAAC,OAAO,CAAC,IAAI,OAAO,CAAC,UAAU,CAAC,aAAa,CAAC,CAAC;gBAAE,OAAO,EAAE,CAAC;YACvH,IACE,GAAG,KAAK,OAAO,IAAI,CAAC,KAAK,EAAE,QAAQ,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAC;gBACnD,CAAC,CAAC,cAAc,CAAC,IAAI,CAAC,OAAO,CAAC,IAAI,OAAO,CAAC,UAAU,CAAC,aAAa,CAAC,CAAC;gBACpE,OAAO,EAAE,CAAC;YACZ,IAAI,GAAG,KAAK,KAAK,IAAI,CAAC,QAAQ,EAAE,QAAQ,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAC;gBAAE,OAAO,EAAE,CAAC;YACpE,IAAI,GAAG,KAAK,MAAM,IAAI,IAAI,KAAK,OAAO,IAAI,KAAK,KAAK,IAAI;gBAAE,OAAO,EAAE,CAAC;YACpE,IAAI,IAAI,KAAK,IAAI,EAAE;gBACjB,IAAI,CAAC,qBAAY,CAAC,IAAI,CAAC,OAAO,CAAC;oBAAE,OAAO,EAAE,CAAC;aAC5C;YACD,OAAO,SAAS,CAAC;QACnB,CAAC;KACF,CAAC,CAAC;AACL,CAAC;AAvBD,oCAuBC"}