discord-message-transcript 1.4.0-dev-next.1.60 → 1.4.0-dev-next.1.68

@@ -4,6 +4,27 @@ import { isPrivateIp } from "./ip.js";
4
4
  import { resolveAllIps } from "./dns.js";
5
5
  const cache = new Map();
6
6
  const CACHELIMIT = 1000 * 5;
7
+ const MAX_CACHE = 500;
8
+ const SIZE_TO_SWEEP = 100;
9
+ function sweepCache() {
10
+ const now = Date.now();
11
+ for (const [key, value] of cache) {
12
+ if (now - value.createdAt > CACHELIMIT) {
13
+ cache.delete(key);
14
+ }
15
+ }
16
+ }
17
+ function maintainCacheSize() {
18
+ if (cache.size <= MAX_CACHE)
19
+ return;
20
+ sweepCache();
21
+ while (cache.size > MAX_CACHE) {
22
+ const firstKey = cache.keys().next().value;
23
+ if (!firstKey)
24
+ break;
25
+ cache.delete(firstKey);
26
+ }
27
+ }
7
28
  export async function isSafeForHTML(url, options) {
8
29
  const { safeMode, disableWarnings } = options;
9
30
  if (!safeMode)
@@ -40,21 +61,23 @@ export async function isSafeForHTML(url, options) {
40
61
  CustomWarn(`Unsafe URL rejected: Blacklisted host "${host}"\nURL: ${url}`, disableWarnings);
41
62
  return { safe: false, safeIps: [], url: url };
42
63
  }
64
+ const path = u.pathname.toLowerCase();
65
+ // External SVGs can execute scripts → allow only from Discord CDN
66
+ if (path.endsWith(".svg")) {
67
+ CustomWarn(`Unsafe URL rejected: External SVG not from Discord CDN\nURL: ${url}`, disableWarnings);
68
+ return { safe: false, safeIps: [], url: url };
69
+ }
43
70
  let checkPromise;
44
71
  const cachedUrl = cache.get(u.origin);
45
- if (cachedUrl && Date.now() - cachedUrl.expired < CACHELIMIT) {
72
+ if (cachedUrl && Date.now() - cachedUrl.createdAt < CACHELIMIT) {
46
73
  const safeReturn = await cachedUrl.safeUrlReturn;
47
74
  checkPromise = Promise.resolve({ safe: safeReturn.safe, safeIps: safeReturn.safeIps, url: url });
48
75
  }
49
76
  else {
50
77
  checkPromise = checkList(url, u, host, disableWarnings);
51
- cache.set(u.origin, { safeUrlReturn: checkPromise, expired: Date.now() });
52
- }
53
- const path = u.pathname.toLowerCase();
54
- // External SVGs can execute scripts → allow only from Discord CDN
55
- if (path.endsWith(".svg")) {
56
- CustomWarn(`Unsafe URL rejected: External SVG not from Discord CDN\nURL: ${url}`, disableWarnings);
57
- return { safe: false, safeIps: [], url: url };
78
+ cache.set(u.origin, { safeUrlReturn: checkPromise, createdAt: Date.now() });
79
+ if (cache.size >= SIZE_TO_SWEEP)
80
+ maintainCacheSize();
58
81
  }
59
82
  return await checkPromise;
60
83
  }
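Review bot: `SIZE_TO_SWEEP` never triggers a sweep on its own, because `maintainCacheSize()` returns at `if (cache.size <= MAX_CACHE) return;` before `sweepCache()` runs, so between 100 and 500 entries the call added after `cache.set(...)` does nothing and expired entries are only purged once the map exceeds `MAX_CACHE`. If the intent is to drop stale entries from 100 entries upward, run the sweep first: `sweepCache();` followed by `if (cache.size <= MAX_CACHE) return;`. The hard bound of 500 holds either way, and that bound is what limits memory growth when many distinct origins are checked. Separately, the verdict is cached per `u.origin` while `checkList` receives the full `url`; if `checkList` inspects anything beyond the host (not visible here), a comment such as `// verdict is cached per origin: checkList must not depend on path or query` would make that constraint explicit. `isSafeForHTML` starts and continues outside these hunks.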
@@ -12,5 +12,5 @@ export interface safeUrlReturn {
12
12
  }
13
13
  export interface cacheSafeUrlReturn {
14
14
  safeUrlReturn: Promise<safeUrlReturn>;
15
- expired: number;
15
+ createdAt: number;
16
16
  }
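--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
  {
  "name": "discord-message-transcript",
- "version": "1.4.0-dev-next.1.60",
+ "version": "1.4.0-dev-next.1.68",
  "description": "",
  "main": "dist/index.js",
  "types": "dist/index.d.ts",
@@ -45,7 +45,7 @@
  },
  "homepage": "https://github.com/HenriqueMairesse/discord-message-transcript#readme",
  "dependencies": {
- "discord-message-transcript-base": "1.4.0-dev-next.1.60"
+ "discord-message-transcript-base": "1.4.0-dev-next.1.68"
  },
  "peerDependencies": {
  "discord.js": ">=14.19.0 <15"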