UNPKG

@nuxtjs/mdc

Version:

Nuxt MDC module

github.com/nuxt-modules/mdc

nuxt-modules/mdc

56 lines (55 loc) 1.49 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
export const unsafeLinkPrefix = [ "javascript:", "data:text/html", "vbscript:", "data:text/javascript", "data:text/vbscript", "data:text/css", "data:text/plain", "data:text/xml" ]; function isAnchorLinkAllowed(value) { const decodedUrl = decodeURIComponent(value); const urlSanitized = decodedUrl.replace(/&#x([0-9a-f]+);?/gi, "").replace(/&#(\d+);?/g, "").replace(/&[a-z]+;?/gi, ""); try { const url = new URL(urlSanitized, "http://example.com"); if (url.origin === "http://example.com") { return true; } if (unsafeLinkPrefix.some((prefix) => url.protocol.toLowerCase().startsWith(prefix))) { return false; } } catch { return false; } return true; } export const validateProp = (attribute, value) => { if (attribute.startsWith("on")) { return false; } if (attribute === "href" || attribute === "src") { return isAnchorLinkAllowed(value); } return true; }; export const validateProps = (type, props) => { if (!props) { return {}; } props = Object.fromEntries( Object.entries(props).filter(([name, value]) => { const isValid = validateProp(name, value); if (!isValid) { console.warn(`[@nuxtjs/mdc] removing unsafe attribute: ${name}="${value}"`); } return isValid; }) ); if (type === "pre") { if (typeof props.highlights === "string") { props.highlights = props.highlights.split(" ").map((i) => Number.parseInt(i)); } } return props; };