#146 - using url specific sanitizer, thank you @mbaum0 for reporting!

Roland Osborne 2025-02-04 11:55:56 -08:00
parent c992259541
commit 69755d1fea
3 changed files with 9 additions and 3 deletions


@ -16,6 +16,7 @@
} }
}, },
"dependencies": { "dependencies": {
"@braintree/sanitize-url": "^7.1.1",
"@charliewilco/gluejar": "^1.0.0", "@charliewilco/gluejar": "^1.0.0",
"@testing-library/jest-dom": "^5.14.1", "@testing-library/jest-dom": "^5.14.1",
"@testing-library/user-event": "^13.2.1", "@testing-library/user-event": "^13.2.1",


@ -9,7 +9,7 @@ import { ProfileContext } from 'context/ProfileContext';
import { isUnsealed, getChannelSeals, getContentKey, encryptTopicSubject } from 'context/sealUtil'; import { isUnsealed, getChannelSeals, getContentKey, encryptTopicSubject } from 'context/sealUtil';
import { decryptTopicSubject } from 'context/sealUtil'; import { decryptTopicSubject } from 'context/sealUtil';
import { getProfileByGuid } from 'context/cardUtil'; import { getProfileByGuid } from 'context/cardUtil';
import * as DOMPurify from 'dompurify'; import { sanitizeUrl } from '@braintree/sanitize-url';
export function useConversation(cardId, channelId) { export function useConversation(cardId, channelId) {
@ -145,14 +145,14 @@ export function useConversation(cardId, channelId) {
let group = ''; let group = '';
let clickable = []; let clickable = [];
const words = text === [] ? '' : DOMPurify.sanitize(text).split(' '); const words = !text ? [] : text.split(' ');
words.forEach((word, index) => { words.forEach((word, index) => {
if (!!urlPattern.test(word)) { if (!!urlPattern.test(word)) {
clickable.push(<span key={index}>{ group }</span>); clickable.push(<span key={index}>{ group }</span>);
group = ''; group = '';
const url = !!hostPattern.test(word) ? word : `https://${word}`; const url = !!hostPattern.test(word) ? word : `https://${word}`;
clickable.push(<a key={'link-'+index} target="_blank" rel="noopener noreferrer" href={url}>{ `${word} ` }</a>); clickable.push(<a key={`link-${index}`} target="_blank" rel="noopener noreferrer" href={sanitizeUrl(url)}>{ word }</a>);
} }
else { else {
group += `${word} `; group += `${word} `;
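Review bot: The anchor is still rendered when `sanitizeUrl(url)` rejects the value, so a rejected word stays a clickable link pointing at the library's blank fallback (`about:blank`, as far as I know) instead of falling back to plain text. The sanitizer is also a denylist of script-capable schemes rather than an allowlist, and `urlPattern`/`hostPattern` are defined outside this hunk, so I cannot confirm that only http(s) URLs reach the `href`. I would compute `const safeUrl = sanitizeUrl(url);` before pushing anything and append the word to `group` as ordinary text unless `/^https?:\/\//i.test(safeUrl)`. Separately, the link text changed from `${word} ` to `word`, which appears to drop the space between a link and the text that follows it. The enclosing function starts and ends outside the hunk.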


@ -1133,6 +1133,11 @@
resolved "https://registry.npmjs.org/@bcoe/v8-coverage/-/v8-coverage-0.2.3.tgz" resolved "https://registry.npmjs.org/@bcoe/v8-coverage/-/v8-coverage-0.2.3.tgz"
integrity sha512-0hYQ8SB4Db5zvZB4axdMHGwEaQjkZzFjQiN9LVYvIFB2nSUHW9tYpxWriPrWDASIxiaXax83REcLxuSdnGPZtw== integrity sha512-0hYQ8SB4Db5zvZB4axdMHGwEaQjkZzFjQiN9LVYvIFB2nSUHW9tYpxWriPrWDASIxiaXax83REcLxuSdnGPZtw==
"@braintree/sanitize-url@^7.1.1":
version "7.1.1"
resolved "https://registry.yarnpkg.com/@braintree/sanitize-url/-/sanitize-url-7.1.1.tgz#15e19737d946559289b915e5dad3b4c28407735e"
integrity sha512-i1L7noDNxtFyL5DmZafWy1wRVhGehQmzZaz1HiN5e7iylJMSZR7ekOV7NsIqa5qBldlLrsKv4HbgFUVlQrz8Mw==
"@charliewilco/gluejar@^1.0.0": "@charliewilco/gluejar@^1.0.0":
version "1.0.0" version "1.0.0"
resolved "https://registry.yarnpkg.com/@charliewilco/gluejar/-/gluejar-1.0.0.tgz#f228e8130d4e23401c119f32e27e5353c544c58e" resolved "https://registry.yarnpkg.com/@charliewilco/gluejar/-/gluejar-1.0.0.tgz#f228e8130d4e23401c119f32e27e5353c544c58e"