@very_aq/codex-cli-web 0.0.2 → 0.0.4
- package/package.json +6 -1
- package/server/dist/chat/markdown/markdownAst.js +2 -5
- package/server/dist/chat/markdown/markdownAst.js.map +1 -1
- package/server/dist/chat/markdown/sanitizeUrl.d.ts +7 -0
- package/server/dist/chat/markdown/sanitizeUrl.js +66 -0
- package/server/dist/chat/markdown/sanitizeUrl.js.map +1 -0
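--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
 {
 "name": "@very_aq/codex-cli-web",
-"version": "0.0.
+"version": "0.0.4",
 "private": false,
 "bin": {
 "ccw": "bin/ccw"
@@ -29,7 +29,12 @@
 "better-sqlite3": "^11.8.1",
 "busboy": "^1.6.0",
 "express": "^4.19.2",
+"remark-breaks": "^4.0.0",
+"remark-gfm": "^4.0.1",
+"remark-parse": "^11.0.0",
+"remark-rehype": "^11.1.2",
 "socket.io": "^4.8.3",
+"unified": "^11.0.5",
 "ws": "^8.17.1"
 },
 "devDependencies": {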
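--- a/package/server/dist/chat/markdown/markdownAst.js
+++ b/package/server/dist/chat/markdown/markdownAst.js
@@ -4,12 +4,12 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
 };
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.buildMarkdownAst = buildMarkdownAst;
-const micromark_util_sanitize_uri_1 = require("micromark-util-sanitize-uri");
 const unified_1 = require("unified");
 const remark_breaks_1 = __importDefault(require("remark-breaks"));
 const remark_gfm_1 = __importDefault(require("remark-gfm"));
 const remark_parse_1 = __importDefault(require("remark-parse"));
 const remark_rehype_1 = __importDefault(require("remark-rehype"));
+const sanitizeUrl_1 = require("./sanitizeUrl");
 /**
 * 判断未知节点是否为 HAST element。
 */
@@ -72,10 +72,7 @@ function readStringProperty(value) {
 * 归一化链接地址,避免 `javascript:` 等危险协议。
 */
 function normalizeSafeUrl(rawUrl) {
-
-if (!raw)
-return "";
-return (0, micromark_util_sanitize_uri_1.sanitizeUri)(raw);
+return (0, sanitizeUrl_1.sanitizeUrl)(rawUrl);
 }
 /**
 * 将 HAST 节点转换为可 JSON 序列化、前端可直接渲染的 UiMarkdownAst。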
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"markdownAst.js","sourceRoot":"","sources":["../../../src/chat/markdown/markdownAst.ts"],"names":[],"mappings":";;;;;
|
|
1
|
+
{"version":3,"file":"markdownAst.js","sourceRoot":"","sources":["../../../src/chat/markdown/markdownAst.ts"],"names":[],"mappings":";;;;;AA6JA,4CAiBC;AA9KD,qCAAkC;AAClC,kEAAyC;AACzC,4DAAmC;AACnC,gEAAuC;AACvC,kEAAyC;AAEzC,+CAA4C;AAqB5C;;GAEG;AACH,SAAS,aAAa,CAAC,IAAa;IAClC,IAAI,CAAC,IAAI,IAAI,OAAO,IAAI,KAAK,QAAQ;QAAE,OAAO,KAAK,CAAC;IACpD,OAAQ,IAAY,CAAC,IAAI,KAAK,SAAS,IAAI,OAAQ,IAAY,CAAC,OAAO,KAAK,QAAQ,CAAC;AACvF,CAAC;AAED;;GAEG;AACH,SAAS,UAAU,CAAC,IAAa;IAC/B,IAAI,CAAC,IAAI,IAAI,OAAO,IAAI,KAAK,QAAQ;QAAE,OAAO,KAAK,CAAC;IACpD,OAAQ,IAAY,CAAC,IAAI,KAAK,MAAM,CAAC;AACvC,CAAC;AAED;;GAEG;AACH,SAAS,UAAU,CAAC,IAAa;IAC/B,IAAI,CAAC,IAAI,IAAI,OAAO,IAAI,KAAK,QAAQ;QAAE,OAAO,KAAK,CAAC;IACpD,OAAQ,IAAY,CAAC,IAAI,KAAK,MAAM,IAAI,OAAQ,IAAY,CAAC,KAAK,KAAK,QAAQ,CAAC;AAClF,CAAC;AAED;;GAEG;AACH,SAAS,kBAAkB,CAAC,KAAc;IACxC,IAAI,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC;QAAE,OAAO,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,MAAM,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;IAC1F,IAAI,OAAO,KAAK,KAAK,QAAQ;QAAE,OAAO,KAAK,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;IAC/F,OAAO,EAAE,CAAC;AACZ,CAAC;AAED;;GAEG;AACH,SAAS,eAAe,CAAC,UAAmC,EAAE,SAAiB;IAC7E,MAAM,mBAAmB,GAAG,SAAS,CAAC,IAAI,EAAE,CAAC;IAC7C,IAAI,CAAC,mBAAmB;QAAE,OAAO;IAEjC,MAAM,QAAQ,GAAG,kBAAkB,CAAC,UAAU,CAAC,SAAS,CAAC,CAAC;IAC1D,IAAI,QAAQ,CAAC,QAAQ,CAAC,mBAAmB,CAAC,EAAE,CAAC;QAC3C,UAAU,CAAC,SAAS,GAAG,QAAQ,CAAC;QAChC,OAAO;IACT,CAAC;IAED,UAAU,CAAC,SAAS,GAAG,CAAC,GAAG,QAAQ,EAAE,mBAAmB,CAAC,CAAC;AAC5D,CAAC;AAED;;GAEG;AACH,SAAS,kBAAkB,CAAC,KAAc;IACxC,IAAI,OAAO,KAAK,KAAK,QAAQ;QAAE,OAAO,KAAK,CAAC;IAC5C,IAAI,OAAO,KAAK,KAAK,QAAQ,IAAI,MAAM,CAAC,QAAQ,CAAC,KAAK,CAAC;QAAE,OAAO,MAAM,CAAC,KAAK,CAAC,CAAC;IAC9E,OAAO,EAAE,CAAC;AACZ,CAAC;AAED;;GAEG;AACH,SAAS,gBAAgB,CAAC,MAAe;IACvC,OAAO,IAAA,yBAAW,EAAC,MAAM,CAAC,CAAC;AAC7B,CAAC;AAED;;;;;;;;GAQG;AACH,SAAS,eAAe,CAAC,IAAa,EAAE,aAA4B;IAClE,IAAI,UAAU,CAAC,IAAI,CAAC,EAAE,CAAC;QACrB,MAAM,QAAQ,GAAG,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,
QAAQ,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC,EAAE,CAAC;QACnE,MAAM,YAAY,GAAG,QAAQ;aAC1B,GAAG,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,eAAe,CAAC,KAAK,EAAE,IAAI,CAAC,CAAC;aAC5C,MAAM,CAAC,CAAC,KAAK,EAA0B,EAAE,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC;QAC7D,OAAO,EAAE,IAAI,EAAE,MAAM,EAAE,QAAQ,EAAE,YAAY,EAAE,CAAC;IAClD,CAAC;IAED,IAAI,UAAU,CAAC,IAAI,CAAC;QAAE,OAAO,EAAE,IAAI,EAAE,MAAM,EAAE,KAAK,EAAE,IAAI,CAAC,KAAK,EAAE,CAAC;IAEjE,IAAI,CAAC,aAAa,CAAC,IAAI,CAAC;QAAE,OAAO,IAAI,CAAC;IACtC,MAAM,OAAO,GAAG,IAAI,CAAC,OAAO,CAAC;IAC7B,IAAI,CAAC,OAAO;QAAE,OAAO,IAAI,CAAC;IAE1B,MAAM,aAAa,GAAG,IAAI,CAAC,UAAU,IAAI,OAAO,IAAI,CAAC,UAAU,KAAK,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC,CAAC,EAAE,CAAC;IACpG,MAAM,UAAU,GAA4B,EAAE,GAAG,aAAa,EAAE,CAAC;IAEjE,IAAI,OAAO,KAAK,GAAG,EAAE,CAAC;QACpB,UAAU,CAAC,IAAI,GAAG,gBAAgB,CAAC,UAAU,CAAC,IAAI,CAAC,CAAC;QACpD,UAAU,CAAC,MAAM,GAAG,QAAQ,CAAC;QAC7B,UAAU,CAAC,GAAG,GAAG,YAAY,CAAC;IAChC,CAAC;IAED,IAAI,OAAO,KAAK,KAAK,EAAE,CAAC;QACtB,UAAU,CAAC,GAAG,GAAG,gBAAgB,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC;QAClD,UAAU,CAAC,OAAO,GAAG,MAAM,CAAC;QAC5B,UAAU,CAAC,GAAG,GAAG,kBAAkB,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC;IACtD,CAAC;IAED,IAAI,OAAO,KAAK,KAAK,EAAE,CAAC;QACtB,eAAe,CAAC,UAAU,EAAE,OAAO,CAAC,CAAC;IACvC,CAAC;IAED,IAAI,OAAO,KAAK,MAAM,IAAI,aAAa,KAAK,KAAK,EAAE,CAAC;QAClD,eAAe,CAAC,UAAU,EAAE,cAAc,CAAC,CAAC;IAC9C,CAAC;IAED,MAAM,QAAQ,GAAG,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC,EAAE,CAAC;IACnE,MAAM,YAAY,GAAG,QAAQ;SAC1B,GAAG,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,eAAe,CAAC,KAAK,EAAE,OAAO,CAAC,CAAC;SAC/C,MAAM,CAAC,CAAC,KAAK,EAA0B,EAAE,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC;IAE7D,MAAM,OAAO,GAAkB;QAC7B,IAAI,EAAE,SAAS;QACf,OAAO;QACP,UAAU,EAAE,MAAM,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC,SAAS;QACnE,QAAQ,EAAE,YAAY;KACvB,CAAC;IAEF,OAAO,OAAO,CAAC;AACjB,CAAC;AAED;;GAEG;AACH,SAAgB,gBAAgB,CAAC,QAAgB;IAC/C,MAAM,kBAAkB,GAAG,MAAM,CAAC,QAAQ,IAAI,EAAE,CAAC,CAAC;IAClD,IAAI,CAAC,kBAAkB,CAAC,IAAI,EAAE;QAAE,OAAO,IAAI,CAAC;IAE5C,MAAM,SAAS,GAAG,IAAA,iBAAO,GAAE;S
ACxB,GAAG,CAAC,sBAAW,CAAC;SAChB,GAAG,CAAC,oBAAS,CAAC;SACd,GAAG,CAAC,uBAAY,CAAC;QAClB,oCAAoC;SACnC,GAAG,CAAC,uBAAY,EAAE,EAAE,kBAAkB,EAAE,KAAK,EAAE,CAAC,CAAC;IAEpD,MAAM,KAAK,GAAG,SAAS,CAAC,KAAK,CAAC,kBAAkB,CAAC,CAAC;IAClD,MAAM,IAAI,GAAG,SAAS,CAAC,OAAO,CAAC,KAAK,CAAyB,CAAC;IAC9D,IAAI,CAAC,IAAI;QAAE,OAAO,IAAI,CAAC;IAEvB,MAAM,IAAI,GAAG,UAAU,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAE,EAAE,IAAI,EAAE,MAAM,EAAE,QAAQ,EAAE,CAAC,IAAI,CAAC,EAAsB,CAAC;IAC/F,OAAO,eAAe,CAAC,IAAI,EAAE,IAAI,CAAC,CAAC;AACrC,CAAC"}
|
|
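--- a/package/server/dist/chat/markdown/sanitizeUrl.js
+++ b/package/server/dist/chat/markdown/sanitizeUrl.js
@@ -0,0 +1,66 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.sanitizeUrl = sanitizeUrl;
+/**
+* 允许出现在 URL 中的协议白名单。
+*/
+const ALLOWED_SCHEMES = new Set(["http", "https", "mailto", "tel"]);
+/**
+* 将未知输入安全转换为字符串(仅允许 string/number)。
+*/
+function readStringValue(value) {
+if (typeof value === "string")
+return value;
+if (typeof value === "number" && Number.isFinite(value))
+return String(value);
+return "";
+}
+/**
+* 去掉字符串中的控制字符与空白字符,用于协议检测(防止 `java\nscript:` 绕过)。
+*/
+function stripControlAndWhitespace(value) {
+return value.replace(/[\u0000-\u0020\u007F\s]+/gu, "");
+}
+/**
+* 判断是否为相对 URL(包括 hash/query/路径/协议相对)。
+*/
+function isRelativeUrl(value) {
+return (value.startsWith("#") ||
+value.startsWith("?") ||
+value.startsWith("/") ||
+value.startsWith("./") ||
+value.startsWith("../") ||
+value.startsWith("//"));
+}
+/**
+* 对 URL 做基础编码(encodeURI),避免空格等不可见字符进入最终属性。
+*/
+function safeEncodeUri(value) {
+try {
+return encodeURI(value);
+}
+catch {
+return "";
+}
+}
+/**
+* 归一化并净化 URL:
+* - 允许:相对 URL、http/https/mailto/tel;
+* - 拒绝:javascript/data/file/vbscript 等非白名单协议;
+* - 返回编码后的字符串;不安全/无效返回空串。
+*/
+function sanitizeUrl(rawUrl) {
+const raw = readStringValue(rawUrl).trim();
+if (!raw)
+return "";
+if (isRelativeUrl(raw))
+return safeEncodeUri(raw);
+const match = stripControlAndWhitespace(raw).toLowerCase().match(/^([a-z][a-z0-9+.-]*):/u);
+if (!match)
+return safeEncodeUri(raw);
+const scheme = match[1] ?? "";
+if (!ALLOWED_SCHEMES.has(scheme))
+return "";
+return safeEncodeUri(raw);
+}
+//# sourceMappingURL=sanitizeUrl.js.map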
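Review bot: `safeEncodeUri` runs `encodeURI` over the whole raw value, so a URL that is already percent-encoded comes back double-encoded (`%20` becomes `%2520`) and the brackets of an IPv6 host literal are escaped; both turn a valid `http`/`https` link into a different or broken one. The scheme allowlist in `sanitizeUrl` is not affected by this, only the returned string. Restoring existing escapes after encoding keeps control characters and spaces out of the attribute without rewriting valid links, for example `return encodeURI(value).replace(/%25([0-9a-f]{2})/giu, "%$1").replace(/%5B/giu, "[").replace(/%5D/giu, "]");`. The doc comment on `sanitizeUrl` should also state that the scheme is detected on a copy with whitespace and control characters removed while the returned value is the encoded original, e.g. `// scheme is checked on the stripped copy; the encoded raw value is what is returned`, since a later edit that returns the stripped copy or checks the raw one would change what the allowlist guarantees.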
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"sanitizeUrl.js","sourceRoot":"","sources":["../../../src/chat/markdown/sanitizeUrl.ts"],"names":[],"mappings":";;AAoDA,kCAaC;AAjED;;GAEG;AACH,MAAM,eAAe,GAAG,IAAI,GAAG,CAAC,CAAC,MAAM,EAAE,OAAO,EAAE,QAAQ,EAAE,KAAK,CAAC,CAAC,CAAC;AAEpE;;GAEG;AACH,SAAS,eAAe,CAAC,KAAc;IACrC,IAAI,OAAO,KAAK,KAAK,QAAQ;QAAE,OAAO,KAAK,CAAC;IAC5C,IAAI,OAAO,KAAK,KAAK,QAAQ,IAAI,MAAM,CAAC,QAAQ,CAAC,KAAK,CAAC;QAAE,OAAO,MAAM,CAAC,KAAK,CAAC,CAAC;IAC9E,OAAO,EAAE,CAAC;AACZ,CAAC;AAED;;GAEG;AACH,SAAS,yBAAyB,CAAC,KAAa;IAC9C,OAAO,KAAK,CAAC,OAAO,CAAC,4BAA4B,EAAE,EAAE,CAAC,CAAC;AACzD,CAAC;AAED;;GAEG;AACH,SAAS,aAAa,CAAC,KAAa;IAClC,OAAO,CACL,KAAK,CAAC,UAAU,CAAC,GAAG,CAAC;QACrB,KAAK,CAAC,UAAU,CAAC,GAAG,CAAC;QACrB,KAAK,CAAC,UAAU,CAAC,GAAG,CAAC;QACrB,KAAK,CAAC,UAAU,CAAC,IAAI,CAAC;QACtB,KAAK,CAAC,UAAU,CAAC,KAAK,CAAC;QACvB,KAAK,CAAC,UAAU,CAAC,IAAI,CAAC,CACvB,CAAC;AACJ,CAAC;AAED;;GAEG;AACH,SAAS,aAAa,CAAC,KAAa;IAClC,IAAI,CAAC;QACH,OAAO,SAAS,CAAC,KAAK,CAAC,CAAC;IAC1B,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,EAAE,CAAC;IACZ,CAAC;AACH,CAAC;AAED;;;;;GAKG;AACH,SAAgB,WAAW,CAAC,MAAe;IACzC,MAAM,GAAG,GAAG,eAAe,CAAC,MAAM,CAAC,CAAC,IAAI,EAAE,CAAC;IAC3C,IAAI,CAAC,GAAG;QAAE,OAAO,EAAE,CAAC;IAEpB,IAAI,aAAa,CAAC,GAAG,CAAC;QAAE,OAAO,aAAa,CAAC,GAAG,CAAC,CAAC;IAElD,MAAM,KAAK,GAAG,yBAAyB,CAAC,GAAG,CAAC,CAAC,WAAW,EAAE,CAAC,KAAK,CAAC,wBAAwB,CAAC,CAAC;IAC3F,IAAI,CAAC,KAAK;QAAE,OAAO,aAAa,CAAC,GAAG,CAAC,CAAC;IAEtC,MAAM,MAAM,GAAG,KAAK,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;IAC9B,IAAI,CAAC,eAAe,CAAC,GAAG,CAAC,MAAM,CAAC;QAAE,OAAO,EAAE,CAAC;IAE5C,OAAO,aAAa,CAAC,GAAG,CAAC,CAAC;AAC5B,CAAC"}
|