npm - expensify-common - Versions diffs - 2.0.180 → 2.0.182 - Mend

expensify-common 2.0.180 → 2.0.182

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (5) hide show

package/dist/CONST.d.ts CHANGED Viewed

@@ -804,6 +804,9 @@ declare const CONST: {
             readonly SUSPICIOUS_PAN_ENTRY: 8;
             readonly SUSPICIOUS_PAN_ENTRY_CLEARED: 9;
             readonly SUSPICIOUS_PAN_ENTRY_CONFIRMED: 10;
+            readonly SUSPICIOUS_TRANSACTIONS_DETECTED: 11;
+            readonly SUSPICIOUS_TRANSACTIONS_DETECTED_CLEARED: 12;
+            readonly SUSPICIOUS_TRANSACTIONS_DETECTED_CONFIRMED: 13;
         };
     };
     readonly TRAVEL_BOOKING: {

package/dist/CONST.js CHANGED Viewed

@@ -848,6 +848,9 @@ const CONST = {
             SUSPICIOUS_PAN_ENTRY: 8,
             SUSPICIOUS_PAN_ENTRY_CLEARED: 9,
             SUSPICIOUS_PAN_ENTRY_CONFIRMED: 10,
+            SUSPICIOUS_TRANSACTIONS_DETECTED: 11,
+            SUSPICIOUS_TRANSACTIONS_DETECTED_CLEARED: 12,
+            SUSPICIOUS_TRANSACTIONS_DETECTED_CONFIRMED: 13,
         },
     },
     TRAVEL_BOOKING: {

package/dist/ExpensiMark.d.ts CHANGED Viewed

@@ -54,6 +54,11 @@ type TruncateOptions = {
     removeImageTag?: boolean;
 };
 export default class ExpensiMark {
+    extractVictoryChartTags: (text: string) => {
+        text: string;
+        tags: string[];
+    };
+    restoreVictoryChartTags: (text: string, tags: string[]) => string;
     getAttributeCache: (extras?: Extras) => {
         attrCachingFn: ((vidSource: string, attrs: string) => void) | undefined;
         attrCache: Record<string, string> | undefined;

package/dist/ExpensiMark.js CHANGED Viewed

@@ -47,6 +47,13 @@ const MARKDOWN_LINK_REGEX = new RegExp(`\\[((?:[^\\[\\]\\r\\n]*(?:\\[[^\\[\\]\\r
 const MARKDOWN_IMAGE_REGEX = new RegExp(`\\!(?:\\[([^\\][]*(?:\\[[^\\][]*][^\\][]*)*)])?\\(${UrlPatterns.MARKDOWN_URL_REGEX}\\)(?![^<]*(<\\/pre>|<\\/code>))`, 'gi');
 const MARKDOWN_VIDEO_REGEX = new RegExp(`\\!(?:\\[([^\\][]*(?:\\[[^\\][]*][^\\][]*)*)])?\\(((${UrlPatterns.MARKDOWN_URL_REGEX})\\.(?:${Constants.CONST.VIDEO_EXTENSIONS.join('|')}))\\)(?![^<]*(<\\/pre>|<\\/code>))`, 'gi');
 const SLACK_SPAN_NEW_LINE_TAG = '<span class="c-mrkdwn__br" data-stringify-type="paragraph-break" style="box-sizing: inherit; display: block; height: unset;"></span>';
+// Preserve VirtualCFO chart blocks by matching the outer <VictoryChart> container.
+// This captures all nested Victory components and prevents markup escaping during conversion.
+const VICTORY_CHART_REGEX = /<VictoryChart\b[^>]*\/>|<VictoryChart\b[^>]*>[\s\S]*?<\/VictoryChart>/gi;
+// Chart placeholders use NUL characters as delimiters to prevent conflicts with user content.
+const VICTORY_CHART_PLACEHOLDER_DELIMITER = String.fromCharCode(0);
+const VICTORY_CHART_PLACEHOLDER_PATTERN = new RegExp(`${VICTORY_CHART_PLACEHOLDER_DELIMITER}(\\d+)${VICTORY_CHART_PLACEHOLDER_DELIMITER}`, 'g');
+const createVictoryChartPlaceholder = (index) => `${VICTORY_CHART_PLACEHOLDER_DELIMITER}${index}${VICTORY_CHART_PLACEHOLDER_DELIMITER}`;
 class ExpensiMark {
     /**
      * Set the logger to use for logging inside of the ExpensiMark class
@@ -56,6 +63,21 @@ class ExpensiMark {
         ExpensiMark.Log = logger;
     }
     constructor() {
+        this.extractVictoryChartTags = (text) => {
+            const tags = [];
+            const out = text.replace(VICTORY_CHART_REGEX, (match) => {
+                const placeholder = createVictoryChartPlaceholder(tags.length);
+                tags.push(match);
+                return placeholder;
+            });
+            return { text: out, tags };
+        };
+        this.restoreVictoryChartTags = (text, tags) => {
+            if (tags.length === 0) {
+                return text;
+            }
+            return text.replace(VICTORY_CHART_PLACEHOLDER_PATTERN, (match, idx) => { var _a; return (_a = tags[Number(idx)]) !== null && _a !== void 0 ? _a : match; });
+        };
         this.getAttributeCache = (extras) => {
             var _a, _b;
             if (!extras) {
@@ -725,6 +747,11 @@ class ExpensiMark {
                 regex: /<video[^><]*data-expensify-source\s*=\s*(['"])(\S*?)\1(.*?)>([^><]*)<\/video>*(?![^<][\s\S]*?(<\/pre>|<\/code>))/gi,
                 replacement: '[Attachment]',
             },
+            {
+                name: 'victoryChart',
+                regex: /<VictoryChart\b[^>]*\/>|<VictoryChart\b[^>]*>[\s\S]*?<\/VictoryChart>/gi,
+                replacement: '[chart]',
+            },
             {
                 name: 'otherAttachments',
                 regex: /<a[^><]*data-expensify-source\s*=\s*(['"])(\S*?)\1(.*?)>([^><]*)<\/a>*(?![^<][\s\S]*?(<\/pre>|<\/code>))/gi,
@@ -824,8 +851,11 @@ class ExpensiMark {
         if (!text) {
             return '';
         }
+        // Extract VictoryChart blocks to preserve their markup during processing.
+        // Only safe for trusted server input - user input must be escaped to prevent XSS.
+        const { text: textWithPlaceholders, tags: victoryChartTags } = shouldEscapeText ? { text, tags: [] } : this.extractVictoryChartTags(text);
         // This ensures that any html the user puts into the comment field shows as raw html
-        let replacedText = shouldEscapeText ? Utils.escapeText(text) : text;
+        let replacedText = shouldEscapeText ? Utils.escapeText(textWithPlaceholders) : textWithPlaceholders;
         const rules = this.getHtmlRuleset(filterRules, disabledRules, shouldKeepRawInput);
         const processRule = (rule) => {
             // Pre-process text before applying regex
@@ -855,7 +885,7 @@ class ExpensiMark {
             // We want to return text without applying rules if exception occurs during replacing
             return shouldEscapeText ? Utils.escapeText(text) : text;
         }
-        return replacedText;
+        return this.restoreVictoryChartTags(replacedText, victoryChartTags);
     }
     /**
      * Checks matched URLs for validity and replace valid links with html elements
@@ -1087,6 +1117,9 @@ class ExpensiMark {
             generatedMarkdown = parseBodyTag[2];
         }
         generatedMarkdown = this.unpackNestedQuotes(generatedMarkdown);
+        // Extract VictoryChart blocks before HTML stripping, then restore them.
+        const { text: textWithPlaceholders, tags: victoryChartTags } = this.extractVictoryChartTags(generatedMarkdown);
+        generatedMarkdown = textWithPlaceholders;
         const processRule = (rule) => {
             // Pre-processes input HTML before applying regex
             if (rule.pre) {
@@ -1095,7 +1128,8 @@ class ExpensiMark {
             generatedMarkdown = this.replaceTextWithExtras(generatedMarkdown, rule.regex, extras, rule.replacement);
         };
         this.htmlToMarkdownRules.forEach(processRule);
-        return str_1.default.htmlDecode(this.replaceBlockElementWithNewLine(generatedMarkdown));
+        const decoded = str_1.default.htmlDecode(this.replaceBlockElementWithNewLine(generatedMarkdown));
+        return this.restoreVictoryChartTags(decoded, victoryChartTags);
     }
     /**
      * Convert HTML to text

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "expensify-common",
-  "version": "2.0.180",
+  "version": "2.0.182",
   "author": "Expensify, Inc.",
   "description": "Expensify libraries and components shared across different repos",
   "homepage": "https://expensify.com",