loleaflet/Makefile.am | 2 - loleaflet/js/sanitize-url.js | 71 +++++++++++++++++++++---------------------- loleaflet/package.json | 2 - 3 files changed, 38 insertions(+), 37 deletions(-)
New commits: commit 160acdc5cbb6724874738240a874b77657cf678c Author: gokaysatir <gokaysa...@collabora.com> AuthorDate: Fri May 29 18:26:47 2020 +0300 Commit: Henry Castro <hcas...@collabora.com> CommitDate: Fri May 29 18:13:18 2020 +0200 update sanitize-url package Change-Id: I4cc68a010f54afc02777c140b28e41c07a0011fe Reviewed-on: https://gerrit.libreoffice.org/c/online/+/95158 Tested-by: Jenkins Tested-by: Jenkins CollaboraOffice <jenkinscollaboraoff...@gmail.com> Reviewed-by: Henry Castro <hcas...@collabora.com> diff --git a/loleaflet/Makefile.am b/loleaflet/Makefile.am index 5d96e3940..d4126763f 100644 --- a/loleaflet/Makefile.am +++ b/loleaflet/Makefile.am @@ -102,7 +102,7 @@ NODE_MODULES_SRC =\ select2@4.0.1 \ vex-js@4.1.0 \ l10n-for-node@0.0.1 \ - @braintree/sanitize-url@3.0.0 + @braintree/sanitize-url@4.0.1 LOLEAFLET_CSS =\ $(builddir)/node_modules/select2/dist/css/select2.css \ diff --git a/loleaflet/js/sanitize-url.js b/loleaflet/js/sanitize-url.js index ee8975589..57ee916b0 100644 --- a/loleaflet/js/sanitize-url.js +++ b/loleaflet/js/sanitize-url.js @@ -1,45 +1,46 @@ (function(f){if(typeof exports==="object"&&typeof module!=="undefined"){module.exports=f()}else if(typeof define==="function"&&define.amd){define([],f)}else{var g;if(typeof window!=="undefined"){g=window}else if(typeof global!=="undefined"){g=global}else if(typeof self!=="undefined"){g=self}else{g=this}g.sanitizeUrl = f()}})(function(){var define,module,exports;return (function(){function r(e,n,t){function o(i,f){if(!n[i]){if(!e[i]){var c="function"==typeof require&&require;if(!f&&c)return c(i,!0);if(u)return u(i,!0);var a=new Error("Cannot find module '"+i+"'");throw a.code="MODULE_NOT_FOUND",a}var p=n[i]={exports:{}};e[i][0].call(p.exports,function(r){var n=e[i][1][r];return o(n||r)},p,p.exports,r,e,n,t)}return n[i].exports}for(var u="function"==typeof require&&require,i=0;i<t.length;i++)o(t[i]);return o}return r})()({1:[function(require,module,exports){ -'use strict'; + 'use strict'; -var invalidPrototcolRegex = /^(%20|\s)*(javascript|data)/im; -var ctrlCharactersRegex = /[^\x20-\x7E]/gmi; -var urlSchemeRegex = /^([^:]+):/gm; -var relativeFirstCharacters = ['.', '/'] - -function isRelativeUrl(url) { - return relativeFirstCharacters.indexOf(url[0]) > -1; -} - -function sanitizeUrl(url) { - if (!url) { - return 'about:blank'; + var invalidPrototcolRegex = /^(%20|\s)*(javascript|data)/im; + var ctrlCharactersRegex = /[^\x20-\x7EÀ-ž]/gmi; + var urlSchemeRegex = /^([^:]+):/gm; + var relativeFirstCharacters = ['.', '/']; + + function isRelativeUrlWithoutProtocol(url) { + return relativeFirstCharacters.indexOf(url[0]) > -1; } - - var urlScheme, urlSchemeParseResults; - var sanitizedUrl = url.replace(ctrlCharactersRegex, ''); - if (isRelativeUrl(sanitizedUrl)) { + function sanitizeUrl(url) { + var urlScheme, urlSchemeParseResults, sanitizedUrl; + + if (!url) { + return 'about:blank'; + } + + sanitizedUrl = url.replace(ctrlCharactersRegex, '').trim(); + + if (isRelativeUrlWithoutProtocol(sanitizedUrl)) { + return sanitizedUrl; + } + + urlSchemeParseResults = sanitizedUrl.match(urlSchemeRegex); + + if (!urlSchemeParseResults) { + return sanitizedUrl; + } + + urlScheme = urlSchemeParseResults[0]; + + if (invalidPrototcolRegex.test(urlScheme)) { + return 'about:blank'; + } + return sanitizedUrl; } - urlSchemeParseResults = sanitizedUrl.match(urlSchemeRegex); - - if (!urlSchemeParseResults) { - return 'about:blank'; - } - - urlScheme = urlSchemeParseResults[0]; - - if (invalidPrototcolRegex.test(urlScheme)) { - return 'about:blank'; - } - - return sanitizedUrl; -} - -module.exports = { - sanitizeUrl: sanitizeUrl -}; + module.exports = { + sanitizeUrl: sanitizeUrl + }; },{}]},{},[1])(1) }); diff --git a/loleaflet/package.json b/loleaflet/package.json index a52a754fc..a5655d737 100644 --- a/loleaflet/package.json +++ b/loleaflet/package.json @@ -3,7 +3,7 @@ "version": "0.8.0-dev", "description": "LibreOffice online front-end", "devDependencies": { - "@braintree/sanitize-url": "3.0.0", + "@braintree/sanitize-url": "4.0.1", "@types/jquery": "2.0.40", "autolinker": "1.4.3", "bootstrap": "3.3.6", _______________________________________________ Libreoffice-commits mailing list libreoffice-comm...@lists.freedesktop.org https://lists.freedesktop.org/mailman/listinfo/libreoffice-commits