@ecency/render-helper 2.3.13 → 2.3.15
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/lib/consts/allowed-attributes.const.js +9 -9
- package/lib/consts/allowed-attributes.const.js.map +1 -1
- package/lib/methods/a.method.js +28 -12
- package/lib/methods/a.method.js.map +1 -1
- package/lib/render-helper.js +1 -1
- package/package.json +1 -1
- package/src/consts/allowed-attributes.const.ts +9 -9
- package/src/methods/a.method.ts +33 -12
package/package.json
CHANGED
|
@@ -31,10 +31,10 @@ export const ALLOWED_ATTRIBUTES: XSSWhiteList = {
|
|
|
31
31
|
'decoding',
|
|
32
32
|
'itemprop'
|
|
33
33
|
],
|
|
34
|
-
'span': ['class', 'id'],
|
|
34
|
+
'span': ['class', 'id', 'data-align'],
|
|
35
35
|
'iframe': ['src', 'class', 'frameborder', 'allowfullscreen', 'webkitallowfullscreen', 'mozallowfullscreen', 'sandbox'],
|
|
36
36
|
'video': ['src', 'controls', 'poster'],
|
|
37
|
-
'div': ['class', 'id'],
|
|
37
|
+
'div': ['class', 'id', 'data-align'],
|
|
38
38
|
'strong': [],
|
|
39
39
|
'b': [],
|
|
40
40
|
'i': [],
|
|
@@ -45,13 +45,13 @@ export const ALLOWED_ATTRIBUTES: XSSWhiteList = {
|
|
|
45
45
|
'blockquote': ['class'],
|
|
46
46
|
'sup': [],
|
|
47
47
|
'sub': [],
|
|
48
|
-
'h1': ['dir', 'id'],
|
|
49
|
-
'h2': ['dir', 'id'],
|
|
50
|
-
'h3': ['dir', 'id'],
|
|
51
|
-
'h4': ['dir', 'id'],
|
|
52
|
-
'h5': ['dir', 'id'],
|
|
53
|
-
'h6': ['dir', 'id'],
|
|
54
|
-
'p': ['dir', 'id'],
|
|
48
|
+
'h1': ['dir', 'id', 'data-align'],
|
|
49
|
+
'h2': ['dir', 'id', 'data-align'],
|
|
50
|
+
'h3': ['dir', 'id', 'data-align'],
|
|
51
|
+
'h4': ['dir', 'id', 'data-align'],
|
|
52
|
+
'h5': ['dir', 'id', 'data-align'],
|
|
53
|
+
'h6': ['dir', 'id', 'data-align'],
|
|
54
|
+
'p': ['dir', 'id', 'data-align'],
|
|
55
55
|
'center': [],
|
|
56
56
|
'ul': [],
|
|
57
57
|
'ol': [],
|
package/src/methods/a.method.ts
CHANGED
|
@@ -33,6 +33,27 @@ import { removeChildNodes } from './remove-child-nodes.method'
|
|
|
33
33
|
import { extractYtStartTime, isValidPermlink, isValidUsername } from '../helper'
|
|
34
34
|
import { createImageHTML } from "./img.method";
|
|
35
35
|
|
|
36
|
+
const normalizeValue = (value?: string | null): string => (value ? value.trim() : '')
|
|
37
|
+
|
|
38
|
+
const matchesHref = (href: string, value?: string | null): boolean => {
|
|
39
|
+
const normalizedHref = normalizeValue(href)
|
|
40
|
+
if (!normalizedHref) {
|
|
41
|
+
return false
|
|
42
|
+
}
|
|
43
|
+
|
|
44
|
+
return normalizeValue(value) === normalizedHref
|
|
45
|
+
}
|
|
46
|
+
|
|
47
|
+
const getInlineMeta = (el: HTMLElement, href: string) => {
|
|
48
|
+
const textMatches = matchesHref(href, el.textContent)
|
|
49
|
+
const titleMatches = matchesHref(href, el.getAttribute('title'))
|
|
50
|
+
|
|
51
|
+
return {
|
|
52
|
+
textMatches,
|
|
53
|
+
nonInline: textMatches || titleMatches
|
|
54
|
+
}
|
|
55
|
+
}
|
|
56
|
+
|
|
36
57
|
|
|
37
58
|
export function a(el: HTMLElement | null, forApp: boolean, webp: boolean): void {
|
|
38
59
|
if (!el || !el.parentNode) {
|
|
@@ -107,11 +128,11 @@ export function a(el: HTMLElement | null, forApp: boolean, webp: boolean): void
|
|
|
107
128
|
|
|
108
129
|
if (!isValidPermlink(permlink)) return;
|
|
109
130
|
|
|
110
|
-
|
|
111
|
-
if (
|
|
131
|
+
const inlineMeta = getInlineMeta(el, href)
|
|
132
|
+
if (inlineMeta.textMatches) {
|
|
112
133
|
el.textContent = `@${author}/${permlink}`
|
|
113
|
-
isInline = false;
|
|
114
134
|
}
|
|
135
|
+
const isInline = !inlineMeta.nonInline
|
|
115
136
|
if (forApp) {
|
|
116
137
|
el.removeAttribute('href')
|
|
117
138
|
|
|
@@ -195,11 +216,11 @@ export function a(el: HTMLElement | null, forApp: boolean, webp: boolean): void
|
|
|
195
216
|
|
|
196
217
|
if (!isValidPermlink(permlink)) return;
|
|
197
218
|
|
|
198
|
-
|
|
199
|
-
if (
|
|
219
|
+
const inlineMeta = getInlineMeta(el, href)
|
|
220
|
+
if (inlineMeta.textMatches) {
|
|
200
221
|
el.textContent = `@${author}/${permlink}`
|
|
201
|
-
isInline = false;
|
|
202
222
|
}
|
|
223
|
+
const isInline = !inlineMeta.nonInline
|
|
203
224
|
if (forApp) {
|
|
204
225
|
el.removeAttribute('href')
|
|
205
226
|
|
|
@@ -274,12 +295,12 @@ export function a(el: HTMLElement | null, forApp: boolean, webp: boolean): void
|
|
|
274
295
|
|
|
275
296
|
if (!isValidPermlink(permlink)) return;
|
|
276
297
|
|
|
277
|
-
|
|
298
|
+
const inlineMeta = getInlineMeta(el, href)
|
|
278
299
|
|
|
279
|
-
if (
|
|
300
|
+
if (inlineMeta.textMatches) {
|
|
280
301
|
el.textContent = `@${author}/${permlink}`
|
|
281
|
-
isInline = false;
|
|
282
302
|
}
|
|
303
|
+
const isInline = !inlineMeta.nonInline
|
|
283
304
|
if (forApp) {
|
|
284
305
|
el.removeAttribute('href')
|
|
285
306
|
|
|
@@ -380,12 +401,12 @@ export function a(el: HTMLElement | null, forApp: boolean, webp: boolean): void
|
|
|
380
401
|
|
|
381
402
|
if (!isValidPermlink(permlink)) return;
|
|
382
403
|
|
|
383
|
-
|
|
404
|
+
const inlineMeta = getInlineMeta(el, href)
|
|
384
405
|
|
|
385
|
-
if (
|
|
406
|
+
if (inlineMeta.textMatches) {
|
|
386
407
|
el.textContent = `@${author}/${permlink}`
|
|
387
|
-
isInline = false;
|
|
388
408
|
}
|
|
409
|
+
const isInline = !inlineMeta.nonInline
|
|
389
410
|
if (forApp) {
|
|
390
411
|
el.removeAttribute('href')
|
|
391
412
|
|