npm - @ecency/render-helper - Versions diffs - 2.3.2 → 2.3.4 - Mend

@ecency/render-helper 2.3.2 → 2.3.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (23) hide show

package/lib/helper.d.ts +1 -0
package/lib/helper.js +9 -1
package/lib/helper.js.map +1 -1
package/lib/index.d.ts +2 -1
package/lib/index.js +3 -1
package/lib/index.js.map +1 -1
package/lib/methods/a.method.js +6 -8
package/lib/methods/a.method.js.map +1 -1
package/lib/methods/img.method.js +2 -2
package/lib/methods/img.method.js.map +1 -1
package/lib/methods/linkify.method.js +8 -5
package/lib/methods/linkify.method.js.map +1 -1
package/lib/methods/text.method.js +2 -0
package/lib/methods/text.method.js.map +1 -1
package/lib/render-helper.js +1 -1
package/package.json +1 -1
package/src/helper.ts +11 -1
package/src/index.ts +3 -1
package/src/markdown-2-html.spec.ts +2 -2
package/src/methods/a.method.ts +2 -5
package/src/methods/img.method.ts +2 -2
package/src/methods/linkify.method.ts +8 -5
package/src/methods/text.method.ts +2 -1

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@ecency/render-helper",
-  "version": "2.3.2",
+  "version": "2.3.4",
   "description": "Markdown+Html Render helper",
   "main": "lib/index.js",
   "types": "lib/index.d.ts",

package/src/helper.ts CHANGED Viewed

@@ -22,8 +22,18 @@ export function extractYtStartTime(url:string):string {
       return '' + parseInt(params.get('t')); //parsing is important as sometimes t is famated '123s';
     }else if (params.has('start')){
       return params.get('start');
-    }
+    }
   } catch (error) {
     return '';
   }
 }
+export function isValidPermlink(permlink: string): boolean {
+  // Should not contain image extensions, query params, or fragments
+  const isImage = /\.(jpg|jpeg|png|webp|gif|svg)$/i.test(permlink);
+  const hasSpecialChars = /[?#]/.test(permlink);
+  const isCleanFormat = /^[a-z0-9-]+$/.test(permlink); // Hive standard
+  return isCleanFormat && !isImage && !hasSpecialChars;
+}

package/src/index.ts CHANGED Viewed

@@ -4,6 +4,7 @@ import { getPostBodySummary as postBodySummary } from './post-body-summary'
 import { setProxyBase, proxifyImageSrc } from './proxify-image-src'
 import { setCacheSize } from './cache'
 import { SECTION_LIST } from './consts'
+import { isValidPermlink } from "./helper";
 export {
   renderPostBody,
@@ -12,5 +13,6 @@ export {
   proxifyImageSrc,
   setProxyBase,
   setCacheSize,
-  SECTION_LIST
+  SECTION_LIST,
+  isValidPermlink
 }

package/src/markdown-2-html.spec.ts CHANGED Viewed

@@ -910,7 +910,7 @@ describe('Markdown2Html', () => {
         last_update: '2019-05-10T09:15:21',
         body: 'direct link https://ecency.com/@ecency/faq?history'
       }
-      const expected = '<p dir=\"auto\">direct link <a class=\"markdown-post-link\" data-href=\"https://ecency.com/@ecency/faq?history\" data-is-inline=\"false\" data-tag=\"post\" data-author=\"ecency\" data-permlink=\"faq?history\">@ecency/faq?history</a></p>'
+      const expected = '<p dir=\"auto\">direct link <a href=\"https://ecency.com/@ecency/faq?history\" class=\"markdown-post-link\">https://ecency.com/@ecency/faq?history</a></p>'
       expect(markdown2Html(input)).toBe(expected)
     })
@@ -922,7 +922,7 @@ describe('Markdown2Html', () => {
         last_update: '2019-05-10T09:15:21',
         body: 'direct link https://ecency.com/@ecency/posts?q=games'
       }
-      const expected = '<p dir=\"auto\">direct link <a href=\"https://ecency.com/@ecency/posts?q=games\" class=\"markdown-profile-link\">@ecency/posts?q=games</a></p>'
+      const expected = '<p dir=\"auto\">direct link <a href=\"https://ecency.com/@ecency/posts?q=games\" class=\"markdown-profile-link\">https://ecency.com/@ecency/posts?q=games</a></p>'
       expect(markdown2Html(input)).toBe(expected)
     })

package/src/methods/a.method.ts CHANGED Viewed

@@ -30,12 +30,8 @@ import {
 import { getSerializedInnerHTML } from './get-inner-html.method'
 import { proxifyImageSrc } from '../proxify-image-src'
 import { removeChildNodes } from './remove-child-nodes.method'
-import { extractYtStartTime } from '../helper'
+import { extractYtStartTime, isValidPermlink } from '../helper'
-function isValidPermlink(permlink: string): boolean {
-  // Reject anything that looks like a file (ends with .jpg/.png/.webp/.jpeg etc)
-  return !/\.(jpg|jpeg|png|webp|gif|svg)$/i.test(permlink);
-}
 export function a(el: HTMLElement, forApp: boolean, webp: boolean): void {
   let href = el.getAttribute('href')
@@ -162,6 +158,7 @@ export function a(el: HTMLElement, forApp: boolean, webp: boolean): void {
       const author = tpostMatch[2].replace('@', '').toLowerCase()
       const section = tpostMatch[3]
+      if (!isValidPermlink(section)) return;
       if (el.textContent === href) {
         el.textContent = `@${author}/${section}`
       }

package/src/methods/img.method.ts CHANGED Viewed

@@ -18,10 +18,10 @@ export function img(el: HTMLElement, webp: boolean): void {
     src = ""
   }
-  // ❌ Skip relative paths (e.g., `photo.jpg`)
+  // ❌ Skip relative paths (e.g., `photo.jpg`, `./photo.png`, `assets/pic.jpeg`)
   const isRelative = !/^https?:\/\//i.test(src) && !src.startsWith("/");
   if (isRelative) {
-    console.warn("Skipped relative image:", src);
+    //console.warn("Skipped relative image:", src);
     src = ""
   }

package/src/methods/linkify.method.ts CHANGED Viewed

@@ -1,5 +1,6 @@
 import { IMG_REGEX, SECTION_LIST } from '../consts'
 import { proxifyImageSrc } from '../proxify-image-src'
+import {isValidPermlink} from "../helper";
 export function linkify(content: string, forApp: boolean, webp: boolean): string {
   // Tags
@@ -33,13 +34,15 @@ export function linkify(content: string, forApp: boolean, webp: boolean): string
   content = content.replace(
     /((^|\s)(\/|)@[\w.\d-]+)\/(\S+)/gi, (match, u, p1, p2, p3) => {
       const uu = u.trim().toLowerCase().replace('/@', '').replace('@', '');
-      const perm = p3;
+      const permlink = p3;
+      if (!isValidPermlink(permlink)) return match;
       if (SECTION_LIST.some(v => p3.includes(v))) {
-        const attrs = forApp ? `https://ecency.com/@${uu}/${perm}` : `href="/@${uu}/${perm}"`
-        return ` <a class="markdown-profile-link" ${attrs}>@${uu}/${perm}</a>`
+        const attrs = forApp ? `https://ecency.com/@${uu}/${permlink}` : `href="/@${uu}/${permlink}"`
+        return ` <a class="markdown-profile-link" ${attrs}>@${uu}/${permlink}</a>`
       } else {
-        const attrs = forApp ? `data-author="${uu}" data-tag="post" data-permlink="${perm}"` : `href="/post/@${uu}/${perm}"`
-        return ` <a class="markdown-post-link" ${attrs}>@${uu}/${perm}</a>`
+        const attrs = forApp ? `data-author="${uu}" data-tag="post" data-permlink="${permlink}"` : `href="/post/@${uu}/${permlink}"`
+        return ` <a class="markdown-post-link" ${attrs}>@${uu}/${permlink}</a>`
       }
     }
   )

package/src/methods/text.method.ts CHANGED Viewed

@@ -1,5 +1,5 @@
 import { IMG_REGEX, YOUTUBE_REGEX, WHITE_LIST, DOMParser, POST_REGEX,  } from '../consts'
-import { extractYtStartTime } from '../helper'
+import { extractYtStartTime, isValidPermlink } from '../helper'
 import { proxifyImageSrc } from '../proxify-image-src'
 import { linkify } from './linkify.method'
@@ -59,6 +59,7 @@ export function text(node: HTMLElement, forApp: boolean, webp: boolean): void {
       const tag = postMatch[2]
       const author = postMatch[3].replace('@', '')
       const permlink = postMatch[4]
+      if (!isValidPermlink(permlink)) return;
       const attrs = forApp ? `data-tag="${tag}" data-author="${author}" data-permlink="${permlink}" class="markdown-post-link"` : `class="markdown-post-link" href="/${tag}/@${author}/${permlink}"`
       const replaceNode = DOMParser.parseFromString(