Skip to content

Commit

Permalink
Merge pull request #5516 from nickgros/SWC-7015
Browse files Browse the repository at this point in the history
  • Loading branch information
nickgros authored Sep 11, 2024
2 parents bf57ad7 + f6850ca commit c72c7e0
Show file tree
Hide file tree
Showing 4 changed files with 13 additions and 111 deletions.
4 changes: 2 additions & 2 deletions package.json
Original file line number Diff line number Diff line change
Expand Up @@ -19,7 +19,7 @@
"markdown-it-sup": "^2.0.0",
"markdown-it-synapse": "^1.1.16",
"markdown-it-synapse-heading": "^1.0.1",
"markdown-it-synapse-table": "^1.0.6",
"markdown-it-synapse-table": "^1.0.8",
"moment": "^2.29.4",
"papaparse": "^5.4.1",
"pica": "6.0.0",
Expand All @@ -34,7 +34,7 @@
"react-transition-group": "2.6.0",
"sass": "^1.63.6",
"spark-md5": "^3.0.2",
"synapse-react-client": "3.3.11",
"synapse-react-client": "3.3.12",
"universal-cookie": "^4.0.4",
"xss": "^1.0.15"
},
Expand Down
2 changes: 1 addition & 1 deletion pom.xml
Original file line number Diff line number Diff line change
Expand Up @@ -577,7 +577,7 @@
/>

<copy
file="${project.basedir}/node_modules/markdown-it-synapse-table/dist/markdown-it-synapse-table.min.js"
file="${project.basedir}/node_modules/markdown-it-synapse-table/dist/index.umd.cjs"
tofile="src/main/webapp/generated/markdown-it-synapse-table.js"
/>
<copy
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -623,105 +623,7 @@ public String sanitizeHtml(String html) {

private static final native boolean initFilterXss() /*-{
try {
var options = {
whiteList : {
a : [ 'target', 'href', 'title', 'ref' ],
abbr : [ 'title' ],
address : [],
area : [ 'shape', 'coords', 'href', 'alt' ],
article : [],
aside : [],
audio : [ 'autoplay', 'controls', 'loop', 'preload', 'src' ],
b : [],
bdi : [ 'dir' ],
bdo : [ 'dir' ],
big : [],
blockquote : [ 'cite' ],
body : [],
br : [],
caption : [],
center : [],
cite : [],
code : [],
col : [ 'align', 'valign', 'span', 'width' ],
colgroup : [ 'align', 'valign', 'span', 'width' ],
dd : [],
del : [ 'datetime' ],
details : [ 'open' ],
div : [ 'class' ],
dl : [],
dt : [],
em : [],
font : [ 'color', 'size', 'face' ],
footer : [],
h1 : [ 'toc' ],
h2 : [ 'toc' ],
h3 : [ 'toc' ],
h4 : [ 'toc' ],
h5 : [ 'toc' ],
h6 : [ 'toc' ],
head : [],
header : [],
hr : [],
html : [],
i : [],
img : [ 'src', 'alt', 'title', 'width', 'height' ],
ins : [ 'datetime' ],
li : [],
mark : [],
nav : [],
noscript : [],
ol : [],
p : [],
pre : [],
s : [],
section : [],
small : [],
span : [ 'data-widgetparams', 'class', 'id' ],
sub : [],
summary : [],
sup : [],
strong : [],
table : [ 'width', 'border', 'align', 'valign', 'class' ],
tbody : [ 'align', 'valign' ],
td : [ 'width', 'rowspan', 'colspan', 'align', 'valign' ],
tfoot : [ 'align', 'valign' ],
th : [ 'width', 'rowspan', 'colspan', 'align', 'valign',
'class' ],
thead : [ 'align', 'valign' ],
tr : [ 'rowspan', 'align', 'valign' ],
tt : [],
u : [],
ul : [],
video : [ 'autoplay', 'controls', 'loop', 'preload', 'src',
'height', 'width' ]
},
stripIgnoreTagBody : true, // filter out all tags not in the whitelist
allowCommentTag : false,
css : false,
onIgnoreTag : function(tag, html, options) {
if (tag === '!doctype') {
// do not filter doctype
return html;
}
},
safeAttrValue: function(tag, name, value) {
// Apply default safeAttrValue filtering:
value = $wnd.filterXSS.safeAttrValue(tag, name, value);
if (tag === 'img' && name === 'src') {
if (
!(
value &&
(value.startsWith('data:image/') || value.startsWith('http'))
)
) {
return ''
}
}
value = $wnd.filterXSS.escapeAttrValue(value)
return value
}
}
var options = $wnd.SRC.xssOptions;
$wnd.xss = new $wnd.filterXSS.FilterXSS(options)
return true
} catch (err) {
Expand Down
18 changes: 9 additions & 9 deletions yarn.lock
Original file line number Diff line number Diff line change
Expand Up @@ -4101,10 +4101,10 @@ markdown-it-synapse-math@^3.0.5:
optionalDependencies:
ascii2mathml "^0.6.2"

markdown-it-synapse-table@^1.0.6:
version "1.0.6"
resolved "https://registry.yarnpkg.com/markdown-it-synapse-table/-/markdown-it-synapse-table-1.0.6.tgz#5e14383257a6f6495d6c097388911548fe2155fb"
integrity sha512-znhzQZhMxZ8sSQ9IBfdVv4ufW54i+P8M//rHEswcgg7SI3J0AN1s2T7T0KqYGG+9rHf/ORsdcUZst9hMiBC9xA==
markdown-it-synapse-table@1.0.8, markdown-it-synapse-table@^1.0.8:
version "1.0.8"
resolved "https://registry.yarnpkg.com/markdown-it-synapse-table/-/markdown-it-synapse-table-1.0.8.tgz#38481a997fe6f1209f645061a5b230ed602317c4"
integrity sha512-Fhc7Mi2CUsuUXKjY3MNFhblXjqVhpIGJWsIGwB0hYSGrmiZrLlkAKHoIGwjnYLxEyawYrKIKaqkmjF9XCHrsqw==

[email protected], markdown-it-synapse@^1.1.16:
version "1.1.16"
Expand Down Expand Up @@ -5924,10 +5924,10 @@ svg-path-sdf@^1.1.3:
parse-svg-path "^0.1.2"
svg-path-bounds "^1.0.1"

[email protected].11:
version "3.3.11"
resolved "https://registry.yarnpkg.com/synapse-react-client/-/synapse-react-client-3.3.11.tgz#00f5d536cb558bbeed2ae989679eb8e8edc43473"
integrity sha512-nZZWF6mwSqgTyHOlF6UfzWOi7BZjo2tGr6wY7vt4Urp9e6d9+1ArFtx8+BM+z2BNjfe6P/9VBr3eqXtb4ulhFA==
[email protected].12:
version "3.3.12"
resolved "https://registry.yarnpkg.com/synapse-react-client/-/synapse-react-client-3.3.12.tgz#7d2b4db2eaae6b9a4d3cb3438bf4475dfa7a5be2"
integrity sha512-LKDF8ok/HI4f0SbzN8ejkYjcIgLWGPvVNmC6OVX0B+CQYrva/fW1d4QPBUG69Jo8IiV93/X4wr3kUY6ixJL2eA==
dependencies:
"@apidevtools/json-schema-ref-parser" "^9.1.2"
"@brainhubeu/react-carousel" "1.19.26"
Expand Down Expand Up @@ -5977,7 +5977,7 @@ [email protected]:
markdown-it-synapse "1.1.16"
markdown-it-synapse-heading "^1.0.1"
markdown-it-synapse-math "^3.0.5"
markdown-it-synapse-table "^1.0.6"
markdown-it-synapse-table "1.0.8"
mui-one-time-password-input "^2.0.2"
papaparse "^5.4.1"
plotly.js "2.28.0"
Expand Down

0 comments on commit c72c7e0

Please sign in to comment.