@mintlify/common 1.0.811 → 1.0.812
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
|
@@ -211,6 +211,99 @@ export function rebuildStyleValue(properties) {
|
|
|
211
211
|
});
|
|
212
212
|
return `{ ${parts.join(', ')} }`;
|
|
213
213
|
}
|
|
214
|
+
function isPrimitiveLiteralExpression(node) {
|
|
215
|
+
if (node.type === 'Literal')
|
|
216
|
+
return true;
|
|
217
|
+
return (node.type === 'UnaryExpression' &&
|
|
218
|
+
node.operator === '-' &&
|
|
219
|
+
typeof node.argument === 'object' &&
|
|
220
|
+
node.argument != null &&
|
|
221
|
+
node.argument.type === 'Literal');
|
|
222
|
+
}
|
|
223
|
+
function isSafeJsxAttributeValue(value) {
|
|
224
|
+
if (value == null)
|
|
225
|
+
return true;
|
|
226
|
+
if (typeof value !== 'object')
|
|
227
|
+
return false;
|
|
228
|
+
const node = value;
|
|
229
|
+
if (node.type === 'Literal')
|
|
230
|
+
return true;
|
|
231
|
+
if (node.type !== 'JSXExpressionContainer')
|
|
232
|
+
return false;
|
|
233
|
+
if (typeof node.expression !== 'object' || node.expression == null)
|
|
234
|
+
return false;
|
|
235
|
+
return isPrimitiveLiteralExpression(node.expression);
|
|
236
|
+
}
|
|
237
|
+
const DANGEROUS_ELEMENT_NAMES = new Set(['script', 'style', 'iframe', 'meta']);
|
|
238
|
+
function isSafeJsxElementName(name) {
|
|
239
|
+
if (typeof name !== 'object' || name == null)
|
|
240
|
+
return false;
|
|
241
|
+
const node = name;
|
|
242
|
+
if (node.type !== 'JSXIdentifier')
|
|
243
|
+
return false;
|
|
244
|
+
const elementName = node.name;
|
|
245
|
+
if (typeof elementName !== 'string')
|
|
246
|
+
return false;
|
|
247
|
+
return !DANGEROUS_ELEMENT_NAMES.has(elementName.toLowerCase());
|
|
248
|
+
}
|
|
249
|
+
function isEventHandlerAttribute(attributeNode) {
|
|
250
|
+
const name = attributeNode.name;
|
|
251
|
+
if (typeof name !== 'object' || name == null)
|
|
252
|
+
return false;
|
|
253
|
+
const nameNode = name;
|
|
254
|
+
if (typeof nameNode.name !== 'string')
|
|
255
|
+
return false;
|
|
256
|
+
return /^on[A-Z]/.test(nameNode.name);
|
|
257
|
+
}
|
|
258
|
+
function isSafeStaticJsxNode(node) {
|
|
259
|
+
if (node.type === 'JSXText')
|
|
260
|
+
return true;
|
|
261
|
+
if (node.type === 'JSXEmptyExpression')
|
|
262
|
+
return true;
|
|
263
|
+
if (node.type === 'JSXExpressionContainer') {
|
|
264
|
+
if (typeof node.expression !== 'object' || node.expression == null)
|
|
265
|
+
return false;
|
|
266
|
+
const expression = node.expression;
|
|
267
|
+
if (expression.type === 'JSXEmptyExpression')
|
|
268
|
+
return true;
|
|
269
|
+
return isPrimitiveLiteralExpression(expression);
|
|
270
|
+
}
|
|
271
|
+
if (node.type === 'JSXFragment') {
|
|
272
|
+
if (!Array.isArray(node.children))
|
|
273
|
+
return false;
|
|
274
|
+
return node.children.every((child) => typeof child === 'object' && child != null && isSafeStaticJsxNode(child));
|
|
275
|
+
}
|
|
276
|
+
if (node.type !== 'JSXElement')
|
|
277
|
+
return false;
|
|
278
|
+
if (typeof node.openingElement !== 'object' || node.openingElement == null)
|
|
279
|
+
return false;
|
|
280
|
+
const openingElement = node.openingElement;
|
|
281
|
+
if (!isSafeJsxElementName(openingElement.name))
|
|
282
|
+
return false;
|
|
283
|
+
if (!Array.isArray(openingElement.attributes))
|
|
284
|
+
return false;
|
|
285
|
+
const attributesAreSafe = openingElement.attributes.every((attribute) => {
|
|
286
|
+
if (typeof attribute !== 'object' || attribute == null)
|
|
287
|
+
return false;
|
|
288
|
+
const attributeNode = attribute;
|
|
289
|
+
if (attributeNode.type !== 'JSXAttribute')
|
|
290
|
+
return false;
|
|
291
|
+
if (isEventHandlerAttribute(attributeNode))
|
|
292
|
+
return false;
|
|
293
|
+
return isSafeJsxAttributeValue(attributeNode.value);
|
|
294
|
+
});
|
|
295
|
+
if (!attributesAreSafe)
|
|
296
|
+
return false;
|
|
297
|
+
if (!Array.isArray(node.children))
|
|
298
|
+
return false;
|
|
299
|
+
return node.children.every((child) => typeof child === 'object' && child != null && isSafeStaticJsxNode(child));
|
|
300
|
+
}
|
|
301
|
+
function isSafeStaticJsx(estree) {
|
|
302
|
+
const stmt = estree === null || estree === void 0 ? void 0 : estree.body[0];
|
|
303
|
+
if ((stmt === null || stmt === void 0 ? void 0 : stmt.type) !== 'ExpressionStatement')
|
|
304
|
+
return false;
|
|
305
|
+
return isSafeStaticJsxNode(stmt.expression);
|
|
306
|
+
}
|
|
214
307
|
function collectIdentifiersFromPattern(pattern, out) {
|
|
215
308
|
if (pattern.type === 'Identifier') {
|
|
216
309
|
out.push({ name: pattern.name, isFunction: false });
|
|
@@ -400,7 +493,7 @@ export function remarkMdxRemoveJs() {
|
|
|
400
493
|
if (!('attributes' in node))
|
|
401
494
|
return CONTINUE;
|
|
402
495
|
const newAttributes = node.attributes.map((attr) => {
|
|
403
|
-
var _a, _b, _c, _d, _e, _f, _g;
|
|
496
|
+
var _a, _b, _c, _d, _e, _f, _g, _h;
|
|
404
497
|
if (attr.type === 'mdxJsxAttribute' && !(attr.value instanceof Object))
|
|
405
498
|
return attr;
|
|
406
499
|
if (typeof attr.value === 'string' && isStringSafe(attr.value))
|
|
@@ -414,7 +507,9 @@ export function remarkMdxRemoveJs() {
|
|
|
414
507
|
}
|
|
415
508
|
if (((_b = attr.value.data) === null || _b === void 0 ? void 0 : _b.estree) && isArrayOfStringLiterals(attr.value.data.estree))
|
|
416
509
|
return attr;
|
|
417
|
-
if (
|
|
510
|
+
if (isSafeStaticJsx((_c = attr.value.data) === null || _c === void 0 ? void 0 : _c.estree))
|
|
511
|
+
return attr;
|
|
512
|
+
if (attr.name === 'style' && ((_d = attr.value.data) === null || _d === void 0 ? void 0 : _d.estree)) {
|
|
418
513
|
const filteredEstree = filterStyleProperties(attr.value.data.estree);
|
|
419
514
|
if (filteredEstree) {
|
|
420
515
|
const stmt = filteredEstree.body[0];
|
|
@@ -428,9 +523,9 @@ export function remarkMdxRemoveJs() {
|
|
|
428
523
|
return undefined;
|
|
429
524
|
}
|
|
430
525
|
if (Object.keys(DEFAULT_PROP_EXPRESSIONS).includes(attr.name)) {
|
|
431
|
-
attr.value.value = (
|
|
526
|
+
attr.value.value = (_f = (_e = DEFAULT_PROP_EXPRESSIONS[attr.name]) === null || _e === void 0 ? void 0 : _e.value) !== null && _f !== void 0 ? _f : '{}';
|
|
432
527
|
attr.value.data = {
|
|
433
|
-
estree: structuredClone((
|
|
528
|
+
estree: structuredClone((_h = (_g = DEFAULT_PROP_EXPRESSIONS[attr.name]) === null || _g === void 0 ? void 0 : _g.estree) !== null && _h !== void 0 ? _h : objectEstree),
|
|
434
529
|
};
|
|
435
530
|
return attr;
|
|
436
531
|
}
|