@ecency/render-helper 2.3.7 → 2.3.9

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (16) hide show
  1. package/lib/consts/allowed-attributes.const.js +11 -10
  2. package/lib/consts/allowed-attributes.const.js.map +1 -1
  3. package/lib/consts/regexes.const.d.ts +1 -0
  4. package/lib/consts/regexes.const.js +2 -1
  5. package/lib/consts/regexes.const.js.map +1 -1
  6. package/lib/methods/sanitize-html.method.js +4 -0
  7. package/lib/methods/sanitize-html.method.js.map +1 -1
  8. package/lib/proxify-image-src.js +9 -2
  9. package/lib/proxify-image-src.js.map +1 -1
  10. package/lib/render-helper.js +1 -1
  11. package/package.json +1 -1
  12. package/src/consts/allowed-attributes.const.ts +11 -10
  13. package/src/consts/regexes.const.ts +2 -0
  14. package/src/methods/sanitize-html.method.ts +4 -2
  15. package/src/proxify-image-src.spec.ts +2 -2
  16. package/src/proxify-image-src.ts +8 -2
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@ecency/render-helper",
3
- "version": "2.3.7",
3
+ "version": "2.3.9",
4
4
  "description": "Markdown+Html Render helper",
5
5
  "main": "lib/index.js",
6
6
  "types": "lib/index.d.ts",
package/src/consts/allowed-attributes.const.ts CHANGED
@@ -19,7 +19,8 @@ export const ALLOWED_ATTRIBUTES: XSSWhiteList = {
19
19
  'data-is-inline',
20
20
  'class',
21
21
  'title',
22
- 'data-id'
22
+ 'data-id',
23
+ 'id'
23
24
  ],
24
25
  'img': [
25
26
  'src',
@@ -30,9 +31,9 @@ export const ALLOWED_ATTRIBUTES: XSSWhiteList = {
30
31
  'decoding',
31
32
  'itemprop'
32
33
  ],
33
- 'span': ['class'],
34
+ 'span': ['class', 'id'],
34
35
  'iframe': ['src', 'class', 'frameborder', 'allowfullscreen', 'webkitallowfullscreen', 'mozallowfullscreen', 'sandbox'],
35
- 'div': ['class'],
36
+ 'div': ['class', 'id'],
36
37
  'strong': [],
37
38
  'b': [],
38
39
  'i': [],
@@ -43,13 +44,13 @@ export const ALLOWED_ATTRIBUTES: XSSWhiteList = {
43
44
  'blockquote': ['class'],
44
45
  'sup': [],
45
46
  'sub': [],
46
- 'h1': ['dir'],
47
- 'h2': ['dir'],
48
- 'h3': ['dir'],
49
- 'h4': ['dir'],
50
- 'h5': ['dir'],
51
- 'h6': ['dir'],
52
- 'p': ['dir'],
47
+ 'h1': ['dir', 'id'],
48
+ 'h2': ['dir', 'id'],
49
+ 'h3': ['dir', 'id'],
50
+ 'h4': ['dir', 'id'],
51
+ 'h5': ['dir', 'id'],
52
+ 'h6': ['dir', 'id'],
53
+ 'p': ['dir', 'id'],
53
54
  'center': [],
54
55
  'ul': [],
55
56
  'ol': [],
package/src/consts/regexes.const.ts CHANGED
@@ -42,3 +42,5 @@ export const LOOM_EMBED_REGEX = /^(https?:)?\/\/www.loom.com\/embed\/(.*)/i
42
42
  export const AUREAL_EMBED_REGEX = /^(https?:\/\/)?(www\.)?(?:aureal-embed)\.web\.app\/([0-9]+)/i
43
43
  export const ENTITY_REGEX = /&([a-z0-9]+|#[0-9]{1,6}|#x[0-9a-fA-F]{1,6});/ig
44
44
  export const SECTION_REGEX = /\B(\#[\da-zA-Z-_]+\b)(?!;)/i
45
+ export const ID_WHITELIST = /^[A-Za-z][-A-Za-z0-9_]*$/
46
+
package/src/methods/sanitize-html.method.ts CHANGED
@@ -1,5 +1,5 @@
1
1
  import xss from 'xss'
2
- import { ALLOWED_ATTRIBUTES } from '../consts'
2
+ import {ALLOWED_ATTRIBUTES, ID_WHITELIST} from '../consts'
3
3
 
4
4
  const decodeEntities = (input: string): string =>
5
5
  input
@@ -19,7 +19,9 @@ export function sanitizeHtml(html: string): string {
19
19
  if (tag === 'img' && name === 'src' && (!/^https?:\/\//.test(decoded) || decoded.startsWith('javascript:'))) return '';
20
20
  if (tag === 'img' && ['dynsrc', 'lowsrc'].includes(name)) return '';
21
21
  if (tag === 'span' && name === 'class' && value === 'wr') return '';
22
-
22
+ if (name === 'id') {
23
+ if (!ID_WHITELIST.test(decoded)) return '';
24
+ }
23
25
  return undefined;
24
26
  }
25
27
  });
package/src/proxify-image-src.spec.ts CHANGED
@@ -50,10 +50,10 @@ describe('Proxify image src', () => {
50
50
  })
51
51
 
52
52
  it('3- set proxy base', () => {
53
- setProxyBase('https://img.esteem.app')
53
+ setProxyBase('https://images.hive.blog')
54
54
 
55
55
  const input = 'https://i.imgur.com/muESb0B.png'
56
- const expected = 'https://img.esteem.app/p/2bP4pJr4wVimqCWjYimXJe2cnCgnJdyHYxb4dfF6gmC.png?format=match&mode=fit'
56
+ const expected = 'https://images.hive.blog/p/2bP4pJr4wVimqCWjYimXJe2cnCgnJdyHYxb4dfF6gmC?format=match&mode=fit'
57
57
 
58
58
  expect(proxifyImageSrc(input)).toBe(expected)
59
59
  })
package/src/proxify-image-src.ts CHANGED
@@ -2,9 +2,11 @@ import multihash from 'multihashes'
2
2
  import querystring from 'querystring'
3
3
 
4
4
  let proxyBase = 'https://images.ecency.com'
5
+ let fileExtension = true
5
6
 
6
7
  export function setProxyBase(p: string): void {
7
8
  proxyBase = p
9
+ fileExtension = proxyBase == 'https://images.ecency.com';
8
10
  }
9
11
 
10
12
  export function extractPHash(url: string): string | null {
@@ -62,10 +64,14 @@ export function proxifyImageSrc(url?: string, width = 0, height = 0, format = 'm
62
64
  const qs = querystring.stringify(options)
63
65
 
64
66
  if (pHash) {
65
- return `${proxyBase}/p/${pHash}${format==='webp'?'.webp':'.png'}?${qs}`
67
+ if (fileExtension) {
68
+ return `${proxyBase}/p/${pHash}${format==='webp'?'.webp':'.png'}?${qs}`
69
+ } else {
70
+ return `${proxyBase}/p/${pHash}?${qs}`
71
+ }
66
72
  }
67
73
 
68
74
  const b58url = multihash.toB58String(Buffer.from(realUrl.toString()))
69
75
 
70
- return `${proxyBase}/p/${b58url}${format==='webp'?'.webp':'.png'}?${qs}`
76
+ return `${proxyBase}/p/${b58url}${fileExtension ? format==='webp'?'.webp':'.png' : ''}?${qs}`
71
77
  }