@happeouikit/content-renderer 3.0.0 → 3.0.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/CHANGELOG.md CHANGED
@@ -1,9 +1,14 @@
1
1
  # Changelog
2
2
 
3
+ ## 3.0.1
4
+
5
+ - [Fixed] ContentRenderer should now deal with all kinds of xss
6
+
3
7
  ## 3.0.0
4
8
 
5
9
  - [Fixed] the xss converter now accepts a whiteList for CSS properties that includes vertical-align
6
10
  - [Updated] new dependencies updates: React 17 and and Styled Components 5
11
+
7
12
  ## 2.0.1
8
13
 
9
14
  - [Added] Changed type to uppercase and to handle both upper and lowercase. Add warning if lowecase is used.
@@ -68,7 +68,7 @@ import { CopyToClipboardButton } from "@happeouikit/copy-to-clipboard-button";
68
68
  import { BodyUI, sansFamily } from "@happeouikit/typography";
69
69
  import { margin200, media, padding200 } from "@happeouikit/layout";
70
70
  import { active, gray04, gray07, gray09, lighten, warn } from "@happeouikit/colors";
71
- import { toHtml, toSafeText, loadCodeFont, decodeHtmlEntities, removeSpecialCharacters } from "./utils";
71
+ import { toHtml, loadCodeFont, decodeHtmlEntities, removeSpecialCharacters, toSafeText } from "./utils";
72
72
  import { ELEMENT_TYPE_PRE, ELEMENT_TYPE_CODE, HIGHLIGHJS_CSS, HIGHLIGHJS_JS, CODE_BLOCK_AVAILABLE_LANGUAGES } from "./constants";
73
73
  import { jsx as _jsx } from "react/jsx-runtime";
74
74
  import { Fragment as _Fragment } from "react/jsx-runtime";
@@ -177,13 +177,13 @@ var ContentRenderer = function ContentRenderer(_ref) {
177
177
  }, [element, createAnchors, useHashAutoscroll, scrollAndHighlightHash]);
178
178
  var safeText = useMemo(function () {
179
179
  var lowercaseType = type && typeof type === "string" ? type.toLowerCase() : "html";
180
- var transformedContent = lowercaseType === "text" ? "<p>".concat(content, "</p>") : toHtml(content, lowercaseType);
180
+ var transformedContent = lowercaseType === "text" ? toSafeText("<p>".concat(content, "</p>")) : toHtml(content, lowercaseType);
181
181
 
182
182
  if (decodeHtmlEntitiesOnRender) {
183
183
  transformedContent = decodeHtmlEntities(transformedContent);
184
184
  }
185
185
 
186
- return toSafeText(transformedContent);
186
+ return transformedContent;
187
187
  }, [content, type, decodeHtmlEntitiesOnRender]); // Use dangerouslySetInnerHTML as there might be nested <p>'s header etc
188
188
  // This requires that all content is run through the toSafeText filter
189
189
  // before displaying. This will run it through xss filter.
package/dist/utils.js CHANGED
@@ -28,6 +28,26 @@ var processMentions = function processMentions() {
28
28
  var str = arguments.length > 0 && arguments[0] !== undefined ? arguments[0] : "";
29
29
  return str.replace(mentioningRegexGroupCaseInsensitive, processMatch).replace(mentioningHtmlRegexGroupCaseInsensitive, processMatch);
30
30
  };
31
+ /**
32
+ * @name toSafeText
33
+ * @description Returns filtered text with filterXSS library
34
+ * @author Antero Hanhirova
35
+ * @param {String} - Text to whitelist
36
+ * @returns {String}
37
+ */
38
+
39
+
40
+ var toSafeText = function toSafeText(text) {
41
+ return xss(text, {
42
+ whiteList: safeTagsAndAttributes,
43
+ css: {
44
+ whiteList: _objectSpread({}, xss.getDefaultCSSWhiteList(), {
45
+ "vertical-align": true
46
+ })
47
+ },
48
+ stripIgnoreTag: true
49
+ }).replace(/&nbsp;/g, " ").replace(/\u2060/g, ""); // Replaces a hidden character that resulted in a "?"-character in backend
50
+ };
31
51
  /**
32
52
  * @name toHtml
33
53
  * @description Converts markdown to html, adds space to end of String
@@ -50,31 +70,12 @@ var toHtml = function toHtml() {
50
70
  newString = processMentions(newString);
51
71
  }
52
72
 
73
+ newString = toSafeText(newString);
53
74
  return linkifyHtml(newString, {
54
75
  target: "_blank",
55
76
  ignoreTags: ["pre", "code", "script", "style"]
56
77
  });
57
78
  };
58
- /**
59
- * @name toSafeText
60
- * @description Returns filtered text with filterXSS library
61
- * @author Antero Hanhirova
62
- * @param {String} - Text to whitelist
63
- * @returns {String}
64
- */
65
-
66
-
67
- var toSafeText = function toSafeText(text) {
68
- return xss(text, {
69
- whiteList: safeTagsAndAttributes,
70
- css: {
71
- whiteList: _objectSpread({}, xss.getDefaultCSSWhiteList(), {
72
- "vertical-align": true
73
- })
74
- },
75
- stripIgnoreTag: true
76
- }).replace(/&nbsp;/g, " ").replace(/\u2060/g, ""); // Replaces a hidden character that resulted in a "?"-character in backend
77
- };
78
79
 
79
80
  var loadCodeFont = function loadCodeFont() {
80
81
  var id = "ibmMonoOnDemand";
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@happeouikit/content-renderer",
3
- "version": "3.0.0",
3
+ "version": "3.0.1",
4
4
  "description": "Rendering html and markdown content",
5
5
  "main": "dist/index.js",
6
6
  "module": "src/index.js",