@geogirafe/lib-geoportal 1.1.0-dev.2593857917 → 1.1.0-dev.2594292854

package/components/selectiongrid/tools/selectiontabulatormanager.js

@@ -5,6 +5,7 @@ import ColumnAliasHelper from '../../../tools/utils/aliases.js';
 import { linkify } from '../../../tools/utils/utils.js';
 import { noop } from '../../../tools/utils/async.js';
 import tippy from 'tippy.js';
+import { sanitize } from '../../../tools/utils/selection.js';
 const geometryColumns = new Set(['geom', 'the_geom', 'geometry']);
 export default class SelectionTabulatorManager {
     featureToGridData;
@@ -228,7 +229,7 @@ export default class SelectionTabulatorManager {
                         delete row[key];
                     }
                     else if (typeof value === 'string') {
-                        row[key] = linkify(value);
+                        row[key] = sanitize(linkify(value), this.context.configManager.Config);
                     }
                 }
             }

package/components/selectionwindow/component.js

@@ -6,9 +6,9 @@ import FeatureToGridDataById from '../../tools/featuretogriddatabyid.js';
 import { getValidIndex, linkify } from '../../tools/utils/utils.js';
 import IconCenter from './images/center.svg';
 import ResizeWindow from '../../tools/resizewindow.js';
-import DOMPurify from 'dompurify';
 import CsvManager from '../../tools/export/csvmanager.js';
 import ColumnAliasHelper from '../../tools/utils/aliases.js';
+import { sanitize } from '../../tools/utils/selection.js';
 /**
  * Represents a draggable and resizable selection window component.
  * Display itself when it should be visible and have selected features.
@@ -174,16 +174,9 @@ table{border-collapse:collapse;table-layout:auto;width:100%}td.feature-id{text-a
             return keyValue[1] !== undefined;
         });
         this.displayedProperties.forEach((keyValue) => {
-            let config = {};
-            if (this.context.configManager.Config.query.legacy) {
-                config = {
-                    ADD_ATTR: ['onclick'],
-                    ADD_URI_SAFE_ATTR: ['onclick']
-                };
-            }
             keyValue[0] = this.context.i18nManager.getTranslation(this.columnAliasHelper.getColumnAlias(windowFeature.id, keyValue[0]));
             keyValue[1] = linkify(keyValue[1]);
-            keyValue[1] = DOMPurify.sanitize(keyValue[1], config);
+            keyValue[1] = sanitize(keyValue[1], this.context.configManager.Config);
         });
         // Render and translate data.
         this.render();

package/package.json

@@ -5,7 +5,7 @@
     "name": "GeoGirafe PSC",
     "url": "https://doc.geomapfish.dev"
   },
-  "version": "1.1.0-dev.2593857917",
+  "version": "1.1.0-dev.2594292854",
   "type": "module",
   "engines": {
     "node": ">=20.19.0"

package/templates/public/about.json

@@ -1 +1 @@
-{"version":"1.1.0-dev.2593857917", "build":"2593857917", "date":"11/06/2026"}
+{"version":"1.1.0-dev.2594292854", "build":"2594292854", "date":"11/06/2026"}

package/tools/configuration/girafeconfig.d.ts

@@ -1,3 +1,4 @@
+import { Config as SanitizeConfig } from 'dompurify';
 declare class GirafeConfig {
     general: {
         locale: string;
@@ -121,6 +122,7 @@ declare class GirafeConfig {
     news?: {
         urls: string[];
         autoDisplay: boolean;
+        sanitizeConfig?: SanitizeConfig;
     };
     externalLayers?: {
         predefinedSources: {
@@ -176,6 +178,7 @@ declare class GirafeConfig {
     };
     query: {
         legacy: boolean;
+        sanitizeConfig?: SanitizeConfig;
     };
     gmfauth?: {
         url: string;
@@ -241,6 +244,9 @@ declare class GirafeConfig {
     filtering?: {
         gmfLayerMetadataUrl?: string;
     };
+    permalink?: {
+        sanitizeConfig?: SanitizeConfig;
+    };
     extendedConfig?: Record<string, object>;
     static readonly DEFAULT_LOCALE = "en-US";
     /**
@@ -281,5 +287,6 @@ declare class GirafeConfig {
     private initOnboarding;
     private initApiConfig;
     private initConfigFiltering;
+    private initPermalinkConfig;
 }
 export default GirafeConfig;

package/tools/configuration/girafeconfig.js

@@ -1,4 +1,4 @@
-// SPDX-License-Identifier: Apache-2.0
+import { defaultNewsSanitizeConfig, defaultPermalinkSanitizeConfig, defaultQuerySanitizeConfig } from './sanitizeconfig.defaults';
 class GirafeConfig {
     general;
     languages;
@@ -30,6 +30,7 @@ class GirafeConfig {
     onboarding;
     api;
     filtering;
+    permalink;
     // The extended configuration can be used by third-party components or extensions
     // to add custom attributes to the GirafeConfig.
     extendedConfig;
@@ -70,6 +71,7 @@ class GirafeConfig {
         this.onboarding = this.initOnboarding(config);
         this.api = this.initApiConfig(config);
         this.filtering = this.initConfigFiltering(config);
+        this.permalink = this.initPermalinkConfig(config);
         try {
             this.search = this.initConfigSearch(config);
         }
@@ -151,7 +153,8 @@ class GirafeConfig {
     }
     initConfigQuery(config) {
         return {
-            legacy: config.query?.legacy ?? false
+            legacy: config.query?.legacy ?? false,
+            sanitizeConfig: config.query?.sanitizeConfig ?? defaultQuerySanitizeConfig
         };
     }
     initConfigDrawing(config) {
@@ -240,7 +243,20 @@ class GirafeConfig {
         return config.lidar;
     }
     initConfigNews(config) {
-        return config.news;
+        if (config.news?.sanitizeConfig) {
+            return config.news;
+        }
+        else if (config.news) {
+            return {
+                ...config.news,
+                sanitizeConfig: defaultNewsSanitizeConfig
+            };
+        }
+        return {
+            urls: [],
+            autoDisplay: false,
+            sanitizeConfig: defaultNewsSanitizeConfig
+        };
     }
     initConfigCsv(config) {
         const defaultConfig = {
@@ -421,5 +437,10 @@ class GirafeConfig {
         }
         return config.filtering ?? undefined;
     }
+    initPermalinkConfig(config) {
+        return config.permalink ?? {
+            sanitizeConfig: defaultPermalinkSanitizeConfig
+        };
+    }
 }
 export default GirafeConfig;

package/tools/configuration/sanitizeconfig.defaults.d.ts

@@ -0,0 +1,4 @@
+import { Config as SanitizeConfig } from 'dompurify';
+export declare const defaultNewsSanitizeConfig: SanitizeConfig;
+export declare const defaultPermalinkSanitizeConfig: SanitizeConfig;
+export declare const defaultQuerySanitizeConfig: SanitizeConfig;

package/tools/configuration/sanitizeconfig.defaults.js

@@ -0,0 +1,12 @@
+export const defaultNewsSanitizeConfig = {
+    USE_PROFILES: { html: true },
+    FORBID_TAGS: ['style', 'script', 'iframe', 'object', 'embed'],
+    FORBID_ATTR: ['style', 'onerror', 'onload', 'onclick']
+};
+export const defaultPermalinkSanitizeConfig = {
+    ALLOWED_TAGS: ['br', 'b', 'div', 'em', 'i', 'p', 'strong'],
+    ALLOWED_ATTR: []
+};
+export const defaultQuerySanitizeConfig = {
+    ALLOWED_TAGS: ['iframe', 'a', 'img']
+};

package/tools/main.d.ts

@@ -10,6 +10,7 @@ export { default as OpenIdConnectManager } from './auth/openidconnectmanager.js'
 export { default as PluginManager } from './auth/pluginmanager.js';
 export { default as ConfigManager } from './configuration/configmanager.js';
 export { default as GirafeConfig } from './configuration/girafeconfig.js';
+export { defaultNewsSanitizeConfig, defaultPermalinkSanitizeConfig, defaultQuerySanitizeConfig } from './configuration/sanitizeconfig.defaults';
 export { default as GirafeContext } from './context/context.js';
 export type { default as IGirafeContext } from './context/icontext.js';
 export { default as CesiumDrawing } from './drawing/cesiumDrawing.js';
@@ -120,6 +121,7 @@ export { default as GirafeColorPicker } from './utils/girafecolorpicker.js';
 export { unByKeyAll, getOlayerByName, removeUnwantedOlParams, polygonFromCircle, getDistance, getAreaOfPolygon, getAreaOfCircle, isCoordinateInDegrees, getSelectionBoxFromMapClick, reprojectGeometry, ensurePolygonIsProperlyClosed, getHalfPoint, getLabelStyle, getRadiusDataForCircle, getLengthAsMetricText, getAreaAsMetricText, getAzimuthAsText } from './utils/olutils.js';
 export { getPropertyByPath, setPropertyByPath, createObjectFromPath, deletePropertyByPath, mergeObjects } from './utils/pathUtils.js';
 export { generateQrCode } from './utils/qrcode.js';
+export { sanitize } from './utils/selection.js';
 export { default as ServiceWorkerHelper } from './utils/swhelper.js';
 export { systemIsInDarkMode, isSafari, isFirefox, getValidIndex, minMax, hexToRgbaArray, rgbStrToRgbaArray, colorToRgbaArray, isValidEmail, applyOpacityToLayers, applyFeaturesToSelection, linkify, applyDefaultPrefixToUrl, splitTrimAndConvertToNumber } from './utils/utils.js';
 export { default as VendorSpecificOgcServerManager } from './vendorspecificogcservermanager.js';

package/tools/main.js

@@ -10,6 +10,7 @@ export { default as OpenIdConnectManager } from './auth/openidconnectmanager.js'
 export { default as PluginManager } from './auth/pluginmanager.js';
 export { default as ConfigManager } from './configuration/configmanager.js';
 export { default as GirafeConfig } from './configuration/girafeconfig.js';
+export { defaultNewsSanitizeConfig, defaultPermalinkSanitizeConfig, defaultQuerySanitizeConfig } from './configuration/sanitizeconfig.defaults';
 export { default as GirafeContext } from './context/context.js';
 export { default as CesiumDrawing } from './drawing/cesiumDrawing.js';
 export { default as DrawingFeature } from './drawing/drawingFeature.js';
@@ -93,6 +94,7 @@ export { default as GirafeColorPicker } from './utils/girafecolorpicker.js';
 export { unByKeyAll, getOlayerByName, removeUnwantedOlParams, polygonFromCircle, getDistance, getAreaOfPolygon, getAreaOfCircle, isCoordinateInDegrees, getSelectionBoxFromMapClick, reprojectGeometry, ensurePolygonIsProperlyClosed, getHalfPoint, getLabelStyle, getRadiusDataForCircle, getLengthAsMetricText, getAreaAsMetricText, getAzimuthAsText } from './utils/olutils.js';
 export { getPropertyByPath, setPropertyByPath, createObjectFromPath, deletePropertyByPath, mergeObjects } from './utils/pathUtils.js';
 export { generateQrCode } from './utils/qrcode.js';
+export { sanitize } from './utils/selection.js';
 export { default as ServiceWorkerHelper } from './utils/swhelper.js';
 export { systemIsInDarkMode, isSafari, isFirefox, getValidIndex, minMax, hexToRgbaArray, rgbStrToRgbaArray, colorToRgbaArray, isValidEmail, applyOpacityToLayers, applyFeaturesToSelection, linkify, applyDefaultPrefixToUrl, splitTrimAndConvertToNumber } from './utils/utils.js';
 export { default as VendorSpecificOgcServerManager } from './vendorspecificogcservermanager.js';

package/tools/url/permalinkmanager.js

@@ -122,10 +122,7 @@ export default class PermalinkManager extends GirafeSingleton {
     }
     addTooltip(position) {
         if (this.hasToolTip()) {
-            const content = DOMPurify.sanitize(this.params['map_tooltip'], {
-                ALLOWED_TAGS: ['br', 'b', 'div', 'em', 'i', 'p', 'strong'],
-                ALLOWED_ATTR: []
-            });
+            const content = DOMPurify.sanitize(this.params['map_tooltip'], this.context.configManager.Config.permalink?.sanitizeConfig);
             position.tooltip = {
                 content: content,
                 position: position.center

package/tools/utils/selection.d.ts

@@ -0,0 +1,2 @@
+import GirafeConfig from '../configuration/girafeconfig.js';
+export declare const sanitize: (unsanitized: string, config: GirafeConfig) => string;

package/tools/utils/selection.js

@@ -0,0 +1,14 @@
+import DOMPurify from 'dompurify';
+export const sanitize = (unsanitized, config) => {
+    let sanitizeConfig = {
+        ...config.query.sanitizeConfig
+    };
+    if (config.query.legacy) {
+        sanitizeConfig = {
+            ...sanitizeConfig,
+            ADD_ATTR: ['onclick'],
+            ADD_URI_SAFE_ATTR: ['onclick']
+        };
+    }
+    return DOMPurify.sanitize(unsanitized, sanitizeConfig);
+};