f.weber/homebrewery
0
0
Fork 0
mirror of https://github.com/naturalcrit/homebrewery.git synced 2026-01-10 04:52:40 +00:00
Code Wiki Activity

Remove vue-html-secure package

Browse Source
This commit is contained in:
G.Ambatte
2024-07-02 15:34:40 +12:00
parent 9f3a4dc6bb
commit 52658d6e44
4 changed files with 47 additions and 12 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
client/homebrew/brewRenderer/brewRenderer.jsx
View File

@@ -27,7 +27,7 @@ const INITIAL_CONTENT = dedent`
<base target=_blank>
</head><body style='overflow: hidden'><div></div></body></html>`;
let safeHTML = ()=>{};
import { safeHTML } from './safeHTML.js';
//v=====----------------------< Brew Page Component >---------------------=====v//
const BrewPage = (props)=>{
@@ -170,8 +170,6 @@ const BrewRenderer = (props)=>{
};
const frameDidMount = ()=>{ //This triggers when iFrame finishes internal "componentDidMount"
safeHTML = require('vue-html-secure').safeHTML;
setTimeout(()=>{ //We still see a flicker where the style isn't applied yet, so wait 100ms before showing iFrame
updateSize();
window.addEventListener('resize', updateSize);

44
client/homebrew/brewRenderer/safeHTML.js Normal file
View File

@@ -0,0 +1,44 @@
let doc = null;
let div = null;
function safeHTML(htmlString) {
// If the Document interface doesn't exist, exit
if(!document) return null;
// If the test document and div don't exist, create them
if(!doc) doc = document.implementation.createHTMLDocument('');
if(!div) div = doc.createElement('div');
// Set the test div contents to the evaluation string
div.innerHTML = htmlString;
// Grab all nodes from the test div
const elements = div.querySelectorAll('*');
// Blacklisted tags
const blacklistTags = ['script', 'noscript', 'noembed'];
// Tests to remove attributes
const blacklistAttrs = [
(test)=>{return test.localName.indexOf('on') == 0;},
(test)=>{return test.value.replace(/[\u0000-\u0020\u00A0\u1680\u180E\u2000-\u2029\u205f\u3000]/g, '').toLowerCase().trim().indexOf('javascript:') == 0;}
];
elements.forEach((element)=>{
// Check each element for blacklisted type
if(blacklistTags.includes(element?.localName?.toLowerCase())) {
element.parentNode.removeChild(element);
return;
}
// Check remaining elements for blacklisted attributes
if(element.hasAttributes()){
for (const attribute of element.attributes){
let result = false;
blacklistAttrs.forEach((test)=>{result ||= test(attribute);});
if(result) element.removeAttribute(attribute.localName);
};
};
});
return div.innerHTML;
};
module.exports.safeHTML = safeHTML;