clay-server 2.25.0 → 2.25.1-beta.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
|
@@ -187,22 +187,18 @@ export function svgToPngDataUrl(svgEl) {
|
|
|
187
187
|
var svgBlob = new Blob([svgStr], { type: "image/svg+xml;charset=utf-8" });
|
|
188
188
|
var url = URL.createObjectURL(svgBlob);
|
|
189
189
|
|
|
190
|
-
//
|
|
191
|
-
|
|
192
|
-
|
|
193
|
-
|
|
194
|
-
|
|
195
|
-
|
|
196
|
-
|
|
197
|
-
} catch (e) {}
|
|
198
|
-
// Strip any external references (url(), @import) that would taint the canvas
|
|
199
|
-
svgStr = svgStr.replace(/@import\s+url\([^)]*\)[^;]*;?/g, "");
|
|
190
|
+
// Strip all external references that would taint the canvas
|
|
191
|
+
// 1. @import rules
|
|
192
|
+
svgStr = svgStr.replace(/@import\s+[^;]*;?/g, "");
|
|
193
|
+
// 2. CSS url() pointing to external resources (keep data: and fragment-only refs)
|
|
194
|
+
svgStr = svgStr.replace(/url\(\s*['"]?(?!data:|#)([^'")]+)['"]?\s*\)/g, "url()");
|
|
195
|
+
// 3. xlink:href / href attributes pointing to external URLs
|
|
196
|
+
svgStr = svgStr.replace(/(xlink:href|href)\s*=\s*["'](?!#|data:)[^"']*["']/g, '$1=""');
|
|
200
197
|
svgBlob = new Blob([svgStr], { type: "image/svg+xml;charset=utf-8" });
|
|
201
198
|
URL.revokeObjectURL(url);
|
|
202
199
|
url = URL.createObjectURL(svgBlob);
|
|
203
200
|
|
|
204
201
|
var img = new Image();
|
|
205
|
-
img.crossOrigin = "anonymous";
|
|
206
202
|
img.onload = function () {
|
|
207
203
|
var canvas = document.createElement("canvas");
|
|
208
204
|
canvas.width = w;
|