@happeouikit/content-renderer 3.0.0 → 3.0.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +5 -0
- package/dist/ContentRenderer.js +3 -3
- package/dist/utils.js +21 -20
- package/package.json +1 -1
package/CHANGELOG.md
CHANGED
|
@@ -1,9 +1,14 @@
|
|
|
1
1
|
# Changelog
|
|
2
2
|
|
|
3
|
+
## 3.0.1
|
|
4
|
+
|
|
5
|
+
- [Fixed] ContentRenderer should now deal with all kinds of xss
|
|
6
|
+
|
|
3
7
|
## 3.0.0
|
|
4
8
|
|
|
5
9
|
- [Fixed] the xss converter now accepts a whiteList for CSS properties that includes vertical-align
|
|
6
10
|
- [Updated] new dependencies updates: React 17 and and Styled Components 5
|
|
11
|
+
|
|
7
12
|
## 2.0.1
|
|
8
13
|
|
|
9
14
|
- [Added] Changed type to uppercase and to handle both upper and lowercase. Add warning if lowecase is used.
|
package/dist/ContentRenderer.js
CHANGED
|
@@ -68,7 +68,7 @@ import { CopyToClipboardButton } from "@happeouikit/copy-to-clipboard-button";
|
|
|
68
68
|
import { BodyUI, sansFamily } from "@happeouikit/typography";
|
|
69
69
|
import { margin200, media, padding200 } from "@happeouikit/layout";
|
|
70
70
|
import { active, gray04, gray07, gray09, lighten, warn } from "@happeouikit/colors";
|
|
71
|
-
import { toHtml,
|
|
71
|
+
import { toHtml, loadCodeFont, decodeHtmlEntities, removeSpecialCharacters, toSafeText } from "./utils";
|
|
72
72
|
import { ELEMENT_TYPE_PRE, ELEMENT_TYPE_CODE, HIGHLIGHJS_CSS, HIGHLIGHJS_JS, CODE_BLOCK_AVAILABLE_LANGUAGES } from "./constants";
|
|
73
73
|
import { jsx as _jsx } from "react/jsx-runtime";
|
|
74
74
|
import { Fragment as _Fragment } from "react/jsx-runtime";
|
|
@@ -177,13 +177,13 @@ var ContentRenderer = function ContentRenderer(_ref) {
|
|
|
177
177
|
}, [element, createAnchors, useHashAutoscroll, scrollAndHighlightHash]);
|
|
178
178
|
var safeText = useMemo(function () {
|
|
179
179
|
var lowercaseType = type && typeof type === "string" ? type.toLowerCase() : "html";
|
|
180
|
-
var transformedContent = lowercaseType === "text" ? "<p>".concat(content, "</p>") : toHtml(content, lowercaseType);
|
|
180
|
+
var transformedContent = lowercaseType === "text" ? toSafeText("<p>".concat(content, "</p>")) : toHtml(content, lowercaseType);
|
|
181
181
|
|
|
182
182
|
if (decodeHtmlEntitiesOnRender) {
|
|
183
183
|
transformedContent = decodeHtmlEntities(transformedContent);
|
|
184
184
|
}
|
|
185
185
|
|
|
186
|
-
return
|
|
186
|
+
return transformedContent;
|
|
187
187
|
}, [content, type, decodeHtmlEntitiesOnRender]); // Use dangerouslySetInnerHTML as there might be nested <p>'s header etc
|
|
188
188
|
// This requires that all content is run through the toSafeText filter
|
|
189
189
|
// before displaying. This will run it through xss filter.
|
package/dist/utils.js
CHANGED
|
@@ -28,6 +28,26 @@ var processMentions = function processMentions() {
|
|
|
28
28
|
var str = arguments.length > 0 && arguments[0] !== undefined ? arguments[0] : "";
|
|
29
29
|
return str.replace(mentioningRegexGroupCaseInsensitive, processMatch).replace(mentioningHtmlRegexGroupCaseInsensitive, processMatch);
|
|
30
30
|
};
|
|
31
|
+
/**
|
|
32
|
+
* @name toSafeText
|
|
33
|
+
* @description Returns filtered text with filterXSS library
|
|
34
|
+
* @author Antero Hanhirova
|
|
35
|
+
* @param {String} - Text to whitelist
|
|
36
|
+
* @returns {String}
|
|
37
|
+
*/
|
|
38
|
+
|
|
39
|
+
|
|
40
|
+
var toSafeText = function toSafeText(text) {
|
|
41
|
+
return xss(text, {
|
|
42
|
+
whiteList: safeTagsAndAttributes,
|
|
43
|
+
css: {
|
|
44
|
+
whiteList: _objectSpread({}, xss.getDefaultCSSWhiteList(), {
|
|
45
|
+
"vertical-align": true
|
|
46
|
+
})
|
|
47
|
+
},
|
|
48
|
+
stripIgnoreTag: true
|
|
49
|
+
}).replace(/ /g, " ").replace(/\u2060/g, ""); // Replaces a hidden character that resulted in a "?"-character in backend
|
|
50
|
+
};
|
|
31
51
|
/**
|
|
32
52
|
* @name toHtml
|
|
33
53
|
* @description Converts markdown to html, adds space to end of String
|
|
@@ -50,31 +70,12 @@ var toHtml = function toHtml() {
|
|
|
50
70
|
newString = processMentions(newString);
|
|
51
71
|
}
|
|
52
72
|
|
|
73
|
+
newString = toSafeText(newString);
|
|
53
74
|
return linkifyHtml(newString, {
|
|
54
75
|
target: "_blank",
|
|
55
76
|
ignoreTags: ["pre", "code", "script", "style"]
|
|
56
77
|
});
|
|
57
78
|
};
|
|
58
|
-
/**
|
|
59
|
-
* @name toSafeText
|
|
60
|
-
* @description Returns filtered text with filterXSS library
|
|
61
|
-
* @author Antero Hanhirova
|
|
62
|
-
* @param {String} - Text to whitelist
|
|
63
|
-
* @returns {String}
|
|
64
|
-
*/
|
|
65
|
-
|
|
66
|
-
|
|
67
|
-
var toSafeText = function toSafeText(text) {
|
|
68
|
-
return xss(text, {
|
|
69
|
-
whiteList: safeTagsAndAttributes,
|
|
70
|
-
css: {
|
|
71
|
-
whiteList: _objectSpread({}, xss.getDefaultCSSWhiteList(), {
|
|
72
|
-
"vertical-align": true
|
|
73
|
-
})
|
|
74
|
-
},
|
|
75
|
-
stripIgnoreTag: true
|
|
76
|
-
}).replace(/ /g, " ").replace(/\u2060/g, ""); // Replaces a hidden character that resulted in a "?"-character in backend
|
|
77
|
-
};
|
|
78
79
|
|
|
79
80
|
var loadCodeFont = function loadCodeFont() {
|
|
80
81
|
var id = "ibmMonoOnDemand";
|