@vizejs/nuxt 0.89.0 → 0.91.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
|
@@ -8,17 +8,27 @@ function sanitizeNuxtDevStylesheetLinks(html, buildAssetsDir = "/_nuxt/") {
|
|
|
8
8
|
}
|
|
9
9
|
const normalizedAssetsDir = normalizeUrlPrefix(buildAssetsDir);
|
|
10
10
|
const seenHrefs = /* @__PURE__ */ new Set();
|
|
11
|
+
function decodePathPart(pathPart) {
|
|
12
|
+
try {
|
|
13
|
+
return decodeURIComponent(pathPart);
|
|
14
|
+
} catch {
|
|
15
|
+
return pathPart;
|
|
16
|
+
}
|
|
17
|
+
}
|
|
18
|
+
function hasUnsafePathSegment(pathPart) {
|
|
19
|
+
return pathPart.split(/[\\/]/).some((segment) => segment === "..");
|
|
20
|
+
}
|
|
21
|
+
function isAllowedNuxtDevStylesheetPath(pathPart) {
|
|
22
|
+
return pathPart.startsWith("@fs/") || pathPart.startsWith("@id/") || pathPart.startsWith("assets/") || pathPart.startsWith("virtual:") || /^__[\w.-]+\.css$/i.test(pathPart) || /^[\w.-]+\.css$/i.test(pathPart);
|
|
23
|
+
}
|
|
11
24
|
function shouldKeepHref(href) {
|
|
12
25
|
if (seenHrefs.has(href)) return false;
|
|
13
26
|
seenHrefs.add(href);
|
|
14
27
|
if (!href.startsWith(normalizedAssetsDir)) return true;
|
|
15
28
|
const pathPart = href.slice(normalizedAssetsDir.length).split("?")[0].split("#")[0];
|
|
16
|
-
|
|
17
|
-
|
|
18
|
-
|
|
19
|
-
} catch {}
|
|
20
|
-
if (decodedPath.includes("\0")) return false;
|
|
21
|
-
return pathPart.startsWith("@fs/") || pathPart.startsWith("@id/") || pathPart.startsWith("assets/") || pathPart.startsWith("virtual:") || /^__[\w.-]+\.css$/i.test(pathPart) || /^[\w.-]+\.css$/i.test(pathPart);
|
|
29
|
+
const decodedPath = decodePathPart(pathPart);
|
|
30
|
+
if (decodedPath.includes("\0") || hasUnsafePathSegment(decodedPath)) return false;
|
|
31
|
+
return isAllowedNuxtDevStylesheetPath(decodedPath);
|
|
22
32
|
}
|
|
23
33
|
return html.replace(/<link\b(?=[^>]*\brel=(["'])stylesheet\1)[^>]*\bhref=(["'])(.*?)\2[^>]*>/gi, (tag, _relQuote, _hrefQuote, href) => shouldKeepHref(href) ? tag : "");
|
|
24
34
|
}
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@vizejs/nuxt",
|
|
3
|
-
"version": "0.
|
|
3
|
+
"version": "0.91.0",
|
|
4
4
|
"description": "Nuxt module for Vize - compiler, musea gallery, linter, and type checker",
|
|
5
5
|
"keywords": [
|
|
6
6
|
"compiler",
|
|
@@ -37,10 +37,10 @@
|
|
|
37
37
|
},
|
|
38
38
|
"dependencies": {
|
|
39
39
|
"@nuxt/kit": "4.4.5",
|
|
40
|
-
"@vizejs/musea-nuxt": "0.
|
|
41
|
-
"@vizejs/vite-plugin": "0.
|
|
42
|
-
"@vizejs/vite-plugin-musea": "0.
|
|
43
|
-
"vize": "0.
|
|
40
|
+
"@vizejs/musea-nuxt": "0.91.0",
|
|
41
|
+
"@vizejs/vite-plugin": "0.91.0",
|
|
42
|
+
"@vizejs/vite-plugin-musea": "0.91.0",
|
|
43
|
+
"vize": "0.91.0"
|
|
44
44
|
},
|
|
45
45
|
"devDependencies": {
|
|
46
46
|
"typescript": "6.0.3",
|
|
@@ -55,6 +55,7 @@
|
|
|
55
55
|
"scripts": {
|
|
56
56
|
"build": "vp pack",
|
|
57
57
|
"dev": "vp pack --watch",
|
|
58
|
+
"test": "node --test src/*.test.ts src/**/*.test.ts",
|
|
58
59
|
"check": "vp check src vite.config.ts",
|
|
59
60
|
"check:fix": "vp check --fix src vite.config.ts",
|
|
60
61
|
"fmt": "vp fmt --write src vite.config.ts"
|