@primer/doctocat-nextjs 0.0.0-20250904124254 → 0.0.0-20250904143157

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (3) hide show
  1. package/CHANGELOG.md +2 -2
  2. package/components/layout/code-block/CodeBlock.tsx +4 -3
  3. package/package.json +1 -1
package/CHANGELOG.md CHANGED
@@ -1,12 +1,12 @@
1
1
  # @primer/doctocat-nextjs
2
2
 
3
- ## 0.0.0-20250904124254
3
+ ## 0.0.0-20250904143157
4
4
 
5
5
  ### Patch Changes
6
6
 
7
7
  - Fake entry to force publishing
8
8
 
9
- ## 0.0.0-20250904124253
9
+ ## 0.0.0-20250904143154
10
10
 
11
11
  ### Minor Changes
12
12
 
package/components/layout/code-block/CodeBlock.tsx CHANGED
@@ -43,10 +43,11 @@ export function CodeBlock(props: CodeBlockProps) {
43
43
  try {
44
44
  const childrenAsString = renderToStaticMarkup(<>{props.children}</>)
45
45
 
46
- // cleans the tag to prevent script injection
46
+ // Extract text content using browser's HTML parser (immune to regex bypass attacks)
47
47
  const cleanHtmlTag = (str: string): string => {
48
- const cleaned = str.replace(/<[^>]*>/g, '')
49
- return cleaned === str ? cleaned : cleanHtmlTag(cleaned)
48
+ const parser = new DOMParser()
49
+ const doc = parser.parseFromString(str, 'text/html')
50
+ return doc.body.textContent || doc.body.innerText || ''
50
51
  }
51
52
 
52
53
  const textContent = cleanHtmlTag(childrenAsString)
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@primer/doctocat-nextjs",
3
- "version": "0.0.0-20250904124254",
3
+ "version": "0.0.0-20250904143157",
4
4
  "description": "A Next.js theme for building Primer documentation sites",
5
5
  "main": "index.js",
6
6
  "type": "module",