@waline/vercel 1.26.4-deta → 1.26.5-deta

package/package.json

@@ -1,55 +1,55 @@
 {
-  "name": "@waline/vercel",
-  "version": "1.26.4-deta",
-  "description": "vercel server for waline comment system",
-  "keywords": [
-    "waline",
-    "vercel",
-    "comment",
-    "blog"
-  ],
-  "repository": {
-    "url": "https://github.com/walinejs/waline",
-    "directory": "packages/server"
-  },
-  "license": "MIT",
-  "author": "lizheming <i@imnerd.org>",
-  "dependencies": {
-    "@cloudbase/node-sdk": "2.9.1",
-    "@koa/cors": "4.0.0",
-    "akismet": "2.0.7",
-    "deta": "1.1.0",
-    "dompurify": "3.0.1",
-    "dy-node-ip2region": "1.0.1",
-    "fast-csv": "4.3.6",
-    "form-data": "4.0.0",
-    "jsdom": "21.1.0",
-    "jsonwebtoken": "9.0.0",
-    "katex": "0.16.4",
-    "leancloud-storage": "4.14.0",
-    "markdown-it": "13.0.1",
-    "markdown-it-emoji": "2.0.2",
-    "markdown-it-sub": "1.0.0",
-    "markdown-it-sup": "1.0.0",
-    "mathjax-full": "3.2.2",
-    "node-fetch": "2.6.9",
-    "nodemailer": "6.9.1",
-    "nunjucks": "3.2.3",
-    "phpass": "0.1.1",
-    "prismjs": "1.29.0",
-    "speakeasy": "2.0.0",
-    "think-helper": "1.1.4",
-    "think-logger3": "1.3.1",
-    "think-model": "1.5.4",
-    "think-model-mysql": "1.1.7",
-    "think-model-mysql2": "^2.0.0",
-    "think-model-postgresql": "1.1.7",
-    "think-mongo": "2.2.1",
-    "think-router-rest": "1.0.5",
-    "thinkjs": "3.2.14",
-    "ua-parser-js": "1.0.33"
-  },
-  "engines": {
-    "node": ">=14"
-  }
+	"name": "@waline/vercel",
+	"version": "1.26.5-deta",
+	"description": "vercel server for waline comment system",
+	"keywords": [
+		"waline",
+		"vercel",
+		"comment",
+		"blog"
+	],
+	"repository": {
+		"url": "https://github.com/walinejs/waline",
+		"directory": "packages/server"
+	},
+	"license": "MIT",
+	"author": "lizheming <i@imnerd.org>",
+	"dependencies": {
+		"@cloudbase/node-sdk": "2.9.1",
+		"@koa/cors": "4.0.0",
+		"akismet": "2.0.7",
+		"deta": "1.1.0",
+		"dompurify": "3.0.1",
+		"dy-node-ip2region": "1.0.1",
+		"fast-csv": "4.3.6",
+		"form-data": "4.0.0",
+		"jsdom": "21.1.1",
+		"jsonwebtoken": "9.0.0",
+		"katex": "0.16.4",
+		"leancloud-storage": "4.14.0",
+		"markdown-it": "13.0.1",
+		"markdown-it-emoji": "2.0.2",
+		"markdown-it-sub": "1.0.0",
+		"markdown-it-sup": "1.0.0",
+		"mathjax-full": "3.2.2",
+		"node-fetch": "2.6.9",
+		"nodemailer": "6.9.1",
+		"nunjucks": "3.2.3",
+		"phpass": "0.1.1",
+		"prismjs": "1.29.0",
+		"speakeasy": "2.0.0",
+		"think-helper": "1.1.4",
+		"think-logger3": "1.3.1",
+		"think-model": "1.5.4",
+		"think-model-mysql": "1.1.7",
+		"think-model-mysql2": "^2.0.0",
+		"think-model-postgresql": "1.1.7",
+		"think-mongo": "2.2.1",
+		"think-router-rest": "1.0.5",
+		"thinkjs": "3.2.14",
+		"ua-parser-js": "1.0.34"
+	},
+	"engines": {
+		"node": ">=14"
+	}
 }

package/src/extend/think.js

@@ -6,7 +6,7 @@ const preventMessage = 'PREVENT_NEXT_PROCESS';
 const regionSearch = ip2region.create(process.env.IP2REGION_DB);
 
 const OS_VERSION_MAP = {
-  'Windows': {
+  Windows: {
     'NT 11.0': '11',
   },
 };

package/src/service/markdown/xss.js

@@ -5,13 +5,13 @@ const DOMPurify = createDOMPurify(new JSDOM('').window);
 
 /**
  * Add a hook to make all links open a new window
- * and force their rel to be 'noreferrer noopener'
+ * and force their rel to be 'nofollow noreferrer noopener'
  */
 DOMPurify.addHook('afterSanitizeAttributes', function (node) {
   // set all elements owning target to target=_blank
   if ('target' in node && node.href && !node.href.startsWith('about:blank#')) {
     node.setAttribute('target', '_blank');
-    node.setAttribute('rel', 'noreferrer noopener');
+    node.setAttribute('rel', 'nofollow noreferrer noopener');
   }
 
   // set non-HTML/MathML links to xlink:show=new