feat: make HTML attribute sanitization stricter (#8977)

* feat: make HTML attribute sanitization stricter

* fix double escape
David Luzar 2025-01-05 21:45:04 +01:00 committed by GitHub
parent c84babf574
commit b63689c230
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
5 changed files with 32 additions and 12 deletions


@ -25,6 +25,7 @@ describe("normalizeLink", () => {
expect(normalizeLink("file://")).toBe("file://");
expect(normalizeLink("[test](https://test)")).toBe("[test](https://test)");
expect(normalizeLink("[[test]]")).toBe("[[test]]");
expect(normalizeLink("<test>")).toBe("<test>");
expect(normalizeLink("<test>")).toBe("&lt;test&gt;");
expect(normalizeLink("test&")).toBe("test&amp;");
});
});
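Review bot: The new assertions cover `<`, `>` and a bare `&`, but nothing in this hunk pins the double-quote escaping that the removed `sanitizeHTMLAttribute` (the `"` → `&quot;` replace) was originally there for, so a regression in the stricter implementation — whose body is not in this chunk — would go unnoticed by this suite. Adding `expect(normalizeLink('a"b')).toBe("a&quot;b");` alongside the new cases keeps that guarantee tested, assuming the new helper still escapes quotes. Since the commit message calls out a "fix double escape", an input that already contains an entity, e.g. `normalizeLink("test&amp;")`, also deserves an assertion pinning whichever result was intended, as that is the case the fix was made for and it is currently untested here.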


@ -1,8 +1,5 @@
import { sanitizeUrl } from "@braintree/sanitize-url";
export const sanitizeHTMLAttribute = (html: string) => {
return html.replace(/"/g, "&quot;");
};
import { sanitizeHTMLAttribute } from "../utils";
export const normalizeLink = (link: string) => {
link = link.trim();