@nuxtjs/mdc 0.13.1 → 0.13.3
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/module.json +1 -1
- package/dist/module.mjs +2 -0
- package/dist/runtime/parser/utils/props.js +14 -1
- package/package.json +1 -1
package/dist/module.json
CHANGED
package/dist/module.mjs
CHANGED
|
@@ -259,6 +259,8 @@ const module = defineNuxtModule({
|
|
|
259
259
|
},
|
|
260
260
|
headings: options.headings
|
|
261
261
|
});
|
|
262
|
+
nuxt.options.build.transpile ||= [];
|
|
263
|
+
nuxt.options.build.transpile.push("yaml");
|
|
262
264
|
if (options.highlight) {
|
|
263
265
|
addWasmSupport(nuxt);
|
|
264
266
|
if (options.highlight?.noApiRoute !== true) {
|
|
@@ -8,12 +8,25 @@ export const unsafeLinkPrefix = [
|
|
|
8
8
|
"data:text/plain",
|
|
9
9
|
"data:text/xml"
|
|
10
10
|
];
|
|
11
|
+
function isAnchorLinkAllowed(value) {
|
|
12
|
+
const decodedUrl = decodeURIComponent(value);
|
|
13
|
+
const urlSanitized = decodedUrl.replace(/&#x([0-9a-f]+);?/gi, "").replace(/&#(\d+);?/g, "").replace(/&[a-z]+;?/gi, "");
|
|
14
|
+
try {
|
|
15
|
+
const url = new URL(urlSanitized);
|
|
16
|
+
if (unsafeLinkPrefix.some((prefix) => url.protocol.toLowerCase().startsWith(prefix))) {
|
|
17
|
+
return false;
|
|
18
|
+
}
|
|
19
|
+
} catch {
|
|
20
|
+
return false;
|
|
21
|
+
}
|
|
22
|
+
return true;
|
|
23
|
+
}
|
|
11
24
|
export const validateProp = (attribute, value) => {
|
|
12
25
|
if (attribute.startsWith("on")) {
|
|
13
26
|
return false;
|
|
14
27
|
}
|
|
15
28
|
if (attribute === "href" || attribute === "src") {
|
|
16
|
-
return
|
|
29
|
+
return isAnchorLinkAllowed(value);
|
|
17
30
|
}
|
|
18
31
|
return true;
|
|
19
32
|
};
|