acsi-core 0.9.13 → 0.9.14
- package/dist/index.js +8 -8
- package/dist/index.js.map +1 -1
- package/dist/index.modern.js +8 -8
- package/dist/index.modern.js.map +1 -1
- package/dist/utils/sanitizeSrc.d.ts +1 -1
- package/package.json +1 -1
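--- a/package/dist/index.js
+++ b/package/dist/index.js
@@ -3293,18 +3293,18 @@ var utcToLocalTime = (function (time, FORMAT) {
 
 var sanitizeSrc = function sanitizeSrc(url) {
 if (!url || typeof url !== 'string') {
-return
+return '';
 }
 url = url.trim().replace(/[\s\n\r\t]+/g, '');
 if (url.length > 2048) {
-return
+return '';
 }
 var dangerousProtocols = ['javascript:', 'data:text/html', 'vbscript:', 'file:', 'about:', 'blob:'];
 var lowerUrl = url.toLowerCase();
 for (var _i = 0, _dangerousProtocols = dangerousProtocols; _i < _dangerousProtocols.length; _i++) {
 var protocol = _dangerousProtocols[_i];
 if (lowerUrl.startsWith(protocol)) {
-return
+return '';
 }
 }
 var decoded = decodeURIComponent(url);
@@ -3312,7 +3312,7 @@ var sanitizeSrc = function sanitizeSrc(url) {
 for (var _i2 = 0, _dangerousProtocols2 = dangerousProtocols; _i2 < _dangerousProtocols2.length; _i2++) {
 var _protocol = _dangerousProtocols2[_i2];
 if (decodedLower.includes(_protocol)) {
-return
+return '';
 }
 }
 try {
@@ -3320,18 +3320,18 @@ var sanitizeSrc = function sanitizeSrc(url) {
 if (/^data:image\/(png|jpeg|jpg|gif|webp|bmp|ico);base64,[A-Za-z0-9+/]+=*$/.test(url)) {
 return url;
 }
-return
+return '';
 }
 var parsed = new URL(url, window.location.origin);
 if (parsed.protocol !== 'http:' && parsed.protocol !== 'https:') {
-return
+return '';
 }
 if (parsed.username || parsed.password) {
-return
+return '';
 }
 return parsed.href;
 } catch (error) {
-return
+return '';
 }
 };
 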
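Review bot: The `decodeURIComponent(url)` call at new line 3310 sits before the `try {` that opens at line 3318, so a malformed percent-escape makes `sanitizeSrc` throw a `URIError` instead of returning `''`, which breaks the always-a-string contract this change sets up for every other rejection path. Guarding the decode would close that gap: `var decoded; try { decoded = decodeURIComponent(url); } catch (e) { return ''; }`. Separately, `decodedLower.includes(_protocol)` at line 3314 matches anywhere in the string, so an ordinary https URL whose path or query contains `file:` or `about:` is rejected. The scheme allowlist on `parsed.protocol` at line 3326 appears to be the control that actually enforces http/https, and a short comment saying so would help maintainers. Lines 3311 and 3319 fall between the hunks and are not visible here, so the data-URI branch condition is inferred.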