@gravitee/ui-components 3.41.0 → 3.41.1

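--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
  {
  "name": "@gravitee/ui-components",
- "version": "3.41.0",
+ "version": "3.41.1",
  "description": "Gravitee.io UI Components library, based on Web Components",
  "repository": {
  "type": "git",
@@ -62,6 +62,7 @@
  "clipboard-copy": "^4.0.0",
  "codemirror-asciidoc": "^2.0.0",
  "date-fns": "^2.26.0",
+ "dompurify": "^3.0.3",
  "jdenticon": "^3.1.0",
  "jsonschema": "^1.4.0",
  "lit": "^2.0.2",
@@ -79,11 +80,12 @@
  "@highcharts/map-collection": "2.0.1",
  "@semantic-release/changelog": "6.0.2",
  "@semantic-release/git": "10.0.1",
- "@storybook/addon-a11y": "6.5.16",
- "@storybook/addon-essentials": "6.5.16",
- "@storybook/components": "6.5.16",
- "@storybook/theming": "6.5.16",
- "@storybook/web-components": "6.5.16",
+ "@storybook/addon-a11y": "6.4.22",
+ "@storybook/addon-essentials": "6.4.22",
+ "@storybook/components": "6.4.22",
+ "@storybook/theming": "6.4.22",
+ "@storybook/web-components": "6.4.22",
+ "@types/dompurify": "^3.0.2",
  "asciidoctor": "2.2.6",
  "asciidoctor-highlight.js": "0.4.0",
  "babel-jest": "27.5.1",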
@@ -22,6 +22,7 @@ var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, ge
22
22
  step((generator = generator.apply(thisArg, _arguments || [])).next());
23
23
  });
24
24
  };
25
+ import { sanitize } from 'dompurify';
25
26
  export function loadAsciiDoctor() {
26
27
  return __awaiter(this, void 0, void 0, function* () {
27
28
  let _gvAsciidoctor = window._gvAsciidoctor;
@@ -44,7 +45,7 @@ export function toDom(text, type = 'adoc', small = false) {
44
45
  if (text) {
45
46
  let innerHTML = '';
46
47
  if (type === 'adoc') {
47
- innerHTML = asciidoctor
48
+ const htmlContent = asciidoctor
48
49
  .convert(text, {
49
50
  attributes: {
50
51
  showtitle: true,
@@ -55,6 +56,8 @@ export function toDom(text, type = 'adoc', small = false) {
55
56
  // any other routing framework. By default, href will have the following format:
56
57
  // href="[SERVER_BASE]/#a_link" i.e. href="https://apim-master-portal.cloud.gravitee.io/#a_link"
57
58
  .replace(/href="#/g, `href="${window.location.href}#`);
59
+ // Sanitize HTML content to avoid XSS attacks
60
+ innerHTML = sanitize(htmlContent);
58
61
  }
59
62
  else {
60
63
  throw new Error(`Library not found for type : '${type}' | ${text}`);
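Review bot: The `sanitize(htmlContent)` call added in the `adoc` branch of toDom uses DOMPurify's default configuration, which keeps SVG, MathML, form controls and `<style>` — a wider allow-list than converted AsciiDoc should need. If the rendered pages do not rely on those, narrow it: `innerHTML = sanitize(htmlContent, { USE_PROFILES: { html: true }, FORBID_TAGS: ['form', 'style'] });`. Running it after the `href="#` rewrite is the right order, because the interpolated `window.location.href` is sanitized as well. The named import `import { sanitize } from 'dompurify'` is worth checking against consumers' bundlers, since DOMPurify's documented usage is the default export (`DOMPurify.sanitize`). toDom starts and ends outside these hunks, so how the sanitized string reaches the DOM is not visible here.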
@@ -1 +1 @@
1
- {"version":3,"file":"text-format.js","sourceRoot":"","sources":["../../../src/lib/text-format.js"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;GAcG;;;;;;;;;;AAEH,MAAM,UAAgB,eAAe;;QACnC,IAAI,cAAc,GAAG,MAAM,CAAC,cAAc,CAAC;QAE3C,4CAA4C;QAC5C,IAAI,cAAc,IAAI,IAAI,EAAE;YAC1B,cAAc,GAAG,CAAC,MAAM,MAAM,CAAC,aAAa,CAAC,CAAC,CAAC,OAAO,EAAE,CAAC;YACzD,MAAM,CAAC,cAAc,GAAG,cAAc,CAAC;SACxC;QAED,sDAAsD;QACtD,IAAI,MAAM,CAAC,uBAAuB,IAAI,IAAI,EAAE;YAC1C,MAAM,cAAc,GAAG,MAAM,MAAM,CAAC,0BAA0B,CAAC,CAAC;YAChE,cAAc,CAAC,OAAO,CAAC,QAAQ,CAAC,cAAc,CAAC,UAAU,CAAC,CAAC;YAC3D,MAAM,CAAC,uBAAuB,GAAG,IAAI,CAAC;SACvC;QACD,OAAO,cAAc,CAAC;IACxB,CAAC;CAAA;AAED,MAAM,UAAU,KAAK,CAAC,IAAI,EAAE,IAAI,GAAG,MAAM,EAAE,KAAK,GAAG,KAAK;IACtD,OAAO,eAAe,EAAE,CAAC,IAAI,CAAC,CAAC,WAAW,EAAE,EAAE;QAC5C,IAAI,IAAI,EAAE;YACR,IAAI,SAAS,GAAG,EAAE,CAAC;YACnB,IAAI,IAAI,KAAK,MAAM,EAAE;gBACnB,SAAS,GAAG,WAAW;qBACpB,OAAO,CAAC,IAAI,EAAE;oBACb,UAAU,EAAE;wBACV,SAAS,EAAE,IAAI;wBACf,oBAAoB,EAAE,iBAAiB;qBACxC;iBACF,CAAC;oBACF,gGAAgG;oBAChG,gFAAgF;oBAChF,gGAAgG;qBAC/F,OAAO,CAAC,UAAU,EAAE,SAAS,MAAM,CAAC,QAAQ,CAAC,IAAI,GAAG,CAAC,CAAC;aAC1D;iBAAM;gBACL,MAAM,IAAI,KAAK,CAAC,iCAAiC,IAAI,OAAO,IAAI,EAAE,CAAC,CAAC;aACrE;YAED,MAAM,OAAO,GAAG,QAAQ,CAAC,aAAa,CAAC,KAAK,CAAC,CAAC;YAC9C,OAAO,CAAC,SAAS,GAAG,SAAS,CAAC;YAC9B,OAAO,CAAC,KAAK,CAAC,KAAK,GAAG,MAAM,CAAC;YAC7B,OAAO,CAAC,KAAK,CAAC,QAAQ,GAAG,QAAQ,CAAC;YAClC,OAAO,CAAC,KAAK,CAAC,MAAM,GAAG,QAAQ,CAAC;YAChC,OAAO,CAAC,SAAS,CAAC,GAAG,CAAC,eAAe,CAAC,CAAC;YACvC,IAAI,KAAK,EAAE;gBACT,OAAO,CAAC,SAAS,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;aAChC;YACD,MAAM,YAAY,GAAG,OAAO,CAAC,aAAa,CAAC,IAAI,CAAC,CAAC;YACjD,IAAI,KAAK,GAAG,EAAE,CAAC;YACf,IAAI,YAAY,EAAE;gBAChB,KAAK,GAAG,YAAY,CAAC,WAAW,CAAC;aAClC;YAED,OAAO,EAAE,KAAK,EAAE,OAAO,EAAE,CAAC;SAC3B;IACH,CAAC,CAAC,CAAC;AACL,CAAC"}
1
+ {"version":3,"file":"text-format.js","sourceRoot":"","sources":["../../../src/lib/text-format.js"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;GAcG;;;;;;;;;;AAEH,OAAO,EAAE,QAAQ,EAAE,MAAM,WAAW,CAAC;AAErC,MAAM,UAAgB,eAAe;;QACnC,IAAI,cAAc,GAAG,MAAM,CAAC,cAAc,CAAC;QAE3C,4CAA4C;QAC5C,IAAI,cAAc,IAAI,IAAI,EAAE;YAC1B,cAAc,GAAG,CAAC,MAAM,MAAM,CAAC,aAAa,CAAC,CAAC,CAAC,OAAO,EAAE,CAAC;YACzD,MAAM,CAAC,cAAc,GAAG,cAAc,CAAC;SACxC;QAED,sDAAsD;QACtD,IAAI,MAAM,CAAC,uBAAuB,IAAI,IAAI,EAAE;YAC1C,MAAM,cAAc,GAAG,MAAM,MAAM,CAAC,0BAA0B,CAAC,CAAC;YAChE,cAAc,CAAC,OAAO,CAAC,QAAQ,CAAC,cAAc,CAAC,UAAU,CAAC,CAAC;YAC3D,MAAM,CAAC,uBAAuB,GAAG,IAAI,CAAC;SACvC;QACD,OAAO,cAAc,CAAC;IACxB,CAAC;CAAA;AAED,MAAM,UAAU,KAAK,CAAC,IAAI,EAAE,IAAI,GAAG,MAAM,EAAE,KAAK,GAAG,KAAK;IACtD,OAAO,eAAe,EAAE,CAAC,IAAI,CAAC,CAAC,WAAW,EAAE,EAAE;QAC5C,IAAI,IAAI,EAAE;YACR,IAAI,SAAS,GAAG,EAAE,CAAC;YACnB,IAAI,IAAI,KAAK,MAAM,EAAE;gBACnB,MAAM,WAAW,GAAG,WAAW;qBAC5B,OAAO,CAAC,IAAI,EAAE;oBACb,UAAU,EAAE;wBACV,SAAS,EAAE,IAAI;wBACf,oBAAoB,EAAE,iBAAiB;qBACxC;iBACF,CAAC;oBACF,gGAAgG;oBAChG,gFAAgF;oBAChF,gGAAgG;qBAC/F,OAAO,CAAC,UAAU,EAAE,SAAS,MAAM,CAAC,QAAQ,CAAC,IAAI,GAAG,CAAC,CAAC;gBACzD,6CAA6C;gBAC7C,SAAS,GAAG,QAAQ,CAAC,WAAW,CAAC,CAAC;aACnC;iBAAM;gBACL,MAAM,IAAI,KAAK,CAAC,iCAAiC,IAAI,OAAO,IAAI,EAAE,CAAC,CAAC;aACrE;YAED,MAAM,OAAO,GAAG,QAAQ,CAAC,aAAa,CAAC,KAAK,CAAC,CAAC;YAC9C,OAAO,CAAC,SAAS,GAAG,SAAS,CAAC;YAC9B,OAAO,CAAC,KAAK,CAAC,KAAK,GAAG,MAAM,CAAC;YAC7B,OAAO,CAAC,KAAK,CAAC,QAAQ,GAAG,QAAQ,CAAC;YAClC,OAAO,CAAC,KAAK,CAAC,MAAM,GAAG,QAAQ,CAAC;YAChC,OAAO,CAAC,SAAS,CAAC,GAAG,CAAC,eAAe,CAAC,CAAC;YACvC,IAAI,KAAK,EAAE;gBACT,OAAO,CAAC,SAAS,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;aAChC;YACD,MAAM,YAAY,GAAG,OAAO,CAAC,aAAa,CAAC,IAAI,CAAC,CAAC;YACjD,IAAI,KAAK,GAAG,EAAE,CAAC;YACf,IAAI,YAAY,EAAE;gBAChB,KAAK,GAAG,YAAY,CAAC,WAAW,CAAC;aAClC;YAED,OAAO,EAAE,KAAK,EAAE,OAAO,EAAE,CAAC;SAC3B;IACH,CAAC,CAAC,CAAC;AACL,CAAC"}
@@ -103,3 +103,22 @@ export const Async: {
103
103
  };
104
104
  render: (args: any) => HTMLDivElement;
105
105
  };
106
+ export const SanitizedMaliciousDoc: {
107
+ docs: any;
108
+ css: any;
109
+ component: any;
110
+ items: any;
111
+ parameters: {
112
+ actions: {
113
+ handles: any[];
114
+ };
115
+ docsOnly: any;
116
+ docs: {
117
+ storyDescription: any;
118
+ };
119
+ storySource: {
120
+ source: any;
121
+ };
122
+ };
123
+ render: (args: any) => HTMLDivElement;
124
+ };
@@ -58,4 +58,8 @@ export const Async = makeStory(conf, {
58
58
  }),
59
59
  ],
60
60
  });
61
+ const maliciousAsciidoc = '```test"><img src=x onerror=alert(1)></img>';
62
+ export const SanitizedMaliciousDoc = makeStory(conf, {
63
+ items: [{ text: maliciousAsciidoc }],
64
+ });
61
65
  //# sourceMappingURL=gv-documentation.stories.js.map
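Review bot: The `SanitizedMaliciousDoc` story only shows the sanitized output to someone who opens Storybook; nothing in this change fails a build if `toDom` stops sanitizing. Add an automated test that passes `maliciousAsciidoc` through `toDom` and asserts that the rendered element carries no event-handler attribute, for example `expect(element.querySelector('[onerror]')).toBeNull();` if the project's Jest setup is used. A one-line comment above `maliciousAsciidoc`, such as `// Deliberately hostile fixture: must render inert after sanitization`, would also tell readers of the story file why the string is there.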
@@ -1 +1 @@
1
- {"version":3,"file":"gv-documentation.stories.js","sourceRoot":"","sources":["../../../../src/organisms/gv-documentation/gv-documentation.stories.js"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;GAcG;AACH,OAAO,oBAAoB,CAAC;AAC5B,OAAO,EAAE,gBAAgB,EAAE,MAAM,oDAAoD,CAAC;AACtF,OAAO,EAAE,SAAS,EAAE,SAAS,EAAE,MAAM,iCAAiC,CAAC;AAEvE,eAAe;IACb,KAAK,EAAE,4BAA4B;IACnC,SAAS,EAAE,kBAAkB;IAC7B,UAAU,EAAE;QACV,OAAO,EAAE;YACP,SAAS,EAAE,KAAK;SACjB;KACF;CACF,CAAC;AAEF,MAAM,IAAI,GAAG;IACX,SAAS,EAAE,kBAAkB;CAC9B,CAAC;AAEF,MAAM,CAAC,MAAM,KAAK,GAAG,SAAS,CAAC,IAAI,EAAE;IACnC,KAAK,EAAE,CAAC,EAAE,CAAC;CACZ,CAAC,CAAC;AAEH,MAAM,CAAC,MAAM,gBAAgB,GAAG,SAAS,CAAC,IAAI,EAAE;IAC9C,KAAK,EAAE;QACL;YACE,SAAS,EAAE;;;;;KAKZ;SACA;KACF;CACF,CAAC,CAAC;AAEH,MAAM,CAAC,MAAM,YAAY,GAAG,SAAS,CAAC,IAAI,EAAE;IAC1C,KAAK,EAAE,CAAC,EAAE,IAAI,EAAE,gBAAgB,EAAE,CAAC;CACpC,CAAC,CAAC;AAEH,MAAM,CAAC,MAAM,aAAa,GAAG,SAAS,CAAC,IAAI,EAAE;IAC3C,KAAK,EAAE,CAAC,EAAE,IAAI,EAAE,gBAAgB,EAAE,gBAAgB,EAAE,IAAI,EAAE,CAAC;CAC5D,CAAC,CAAC;AAEH,MAAM,CAAC,MAAM,KAAK,GAAG,SAAS,CAAC,IAAI,EAAE;IACnC,KAAK,EAAE,CAAC,EAAE,IAAI,EAAE,EAAE,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC;IACrC,WAAW,EAAE;QACX,SAAS,CAAC,IAAI,EAAE,CAAC,CAAC,SAAS,CAAC,EAAE,EAAE;YAC9B,SAAS,CAAC,IAAI,GAAG,gBAAgB,CAAC;YAClC,SAAS,CAAC,eAAe,CAAC,UAAU,CAAC,CAAC;QACxC,CAAC,CAAC;KACH;CACF,CAAC,CAAC"}
1
+ {"version":3,"file":"gv-documentation.stories.js","sourceRoot":"","sources":["../../../../src/organisms/gv-documentation/gv-documentation.stories.js"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;GAcG;AACH,OAAO,oBAAoB,CAAC;AAC5B,OAAO,EAAE,gBAAgB,EAAE,MAAM,oDAAoD,CAAC;AACtF,OAAO,EAAE,SAAS,EAAE,SAAS,EAAE,MAAM,iCAAiC,CAAC;AAEvE,eAAe;IACb,KAAK,EAAE,4BAA4B;IACnC,SAAS,EAAE,kBAAkB;IAC7B,UAAU,EAAE;QACV,OAAO,EAAE;YACP,SAAS,EAAE,KAAK;SACjB;KACF;CACF,CAAC;AAEF,MAAM,IAAI,GAAG;IACX,SAAS,EAAE,kBAAkB;CAC9B,CAAC;AAEF,MAAM,CAAC,MAAM,KAAK,GAAG,SAAS,CAAC,IAAI,EAAE;IACnC,KAAK,EAAE,CAAC,EAAE,CAAC;CACZ,CAAC,CAAC;AAEH,MAAM,CAAC,MAAM,gBAAgB,GAAG,SAAS,CAAC,IAAI,EAAE;IAC9C,KAAK,EAAE;QACL;YACE,SAAS,EAAE;;;;;KAKZ;SACA;KACF;CACF,CAAC,CAAC;AAEH,MAAM,CAAC,MAAM,YAAY,GAAG,SAAS,CAAC,IAAI,EAAE;IAC1C,KAAK,EAAE,CAAC,EAAE,IAAI,EAAE,gBAAgB,EAAE,CAAC;CACpC,CAAC,CAAC;AAEH,MAAM,CAAC,MAAM,aAAa,GAAG,SAAS,CAAC,IAAI,EAAE;IAC3C,KAAK,EAAE,CAAC,EAAE,IAAI,EAAE,gBAAgB,EAAE,gBAAgB,EAAE,IAAI,EAAE,CAAC;CAC5D,CAAC,CAAC;AAEH,MAAM,CAAC,MAAM,KAAK,GAAG,SAAS,CAAC,IAAI,EAAE;IACnC,KAAK,EAAE,CAAC,EAAE,IAAI,EAAE,EAAE,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC;IACrC,WAAW,EAAE;QACX,SAAS,CAAC,IAAI,EAAE,CAAC,CAAC,SAAS,CAAC,EAAE,EAAE;YAC9B,SAAS,CAAC,IAAI,GAAG,gBAAgB,CAAC;YAClC,SAAS,CAAC,eAAe,CAAC,UAAU,CAAC,CAAC;QACxC,CAAC,CAAC;KACH;CACF,CAAC,CAAC;AAEH,MAAM,iBAAiB,GAAG,6CAA6C,CAAC;AACxE,MAAM,CAAC,MAAM,qBAAqB,GAAG,SAAS,CAAC,IAAI,EAAE;IACnD,KAAK,EAAE,CAAC,EAAE,IAAI,EAAE,iBAAiB,EAAE,CAAC;CACrC,CAAC,CAAC"}