
harden-react-markdown


A security-focused wrapper for react-markdown that filters URLs based on allowed prefixes

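"use strict";
"use client";
// Compiler-emitted helper: copies own enumerable properties of each later
// argument onto the first one (falls back to a manual loop when Object.assign
// is unavailable).
var __assign = (this && this.__assign) || function () {
    __assign = Object.assign || function(t) {
        for (var s, i = 1, n = arguments.length; i < n; i++) {
            s = arguments[i];
            for (var p in s) if (Object.prototype.hasOwnProperty.call(s, p))
                t[p] = s[p];
        }
        return t;
    };
    return __assign.apply(this, arguments);
};
// Compiler-emitted helper: returns a copy of `s` without the keys listed in `e`
// (own string keys, plus own enumerable symbol keys when supported).
var __rest = (this && this.__rest) || function (s, e) {
    var t = {};
    for (var p in s) if (Object.prototype.hasOwnProperty.call(s, p) && e.indexOf(p) < 0)
        t[p] = s[p];
    if (s != null && typeof Object.getOwnPropertySymbols === "function")
        for (var i = 0, p = Object.getOwnPropertySymbols(s); i < p.length; i++) {
            if (e.indexOf(p[i]) < 0 && Object.prototype.propertyIsEnumerable.call(s, p[i]))
                t[p[i]] = s[p[i]];
        }
    return t;
};
// Compiler-emitted helper: concatenates `from` onto `to`, filling holes in
// sparse arrays when `pack` is set or only two arguments are passed.
var __spreadArray = (this && this.__spreadArray) || function (to, from, pack) {
    if (pack || arguments.length === 2) for (var i = 0, l = from.length, ar; i < l; i++) {
        if (ar || !(i in from)) {
            if (!ar) ar = Array.prototype.slice.call(from, 0, i);
            ar[i] = from[i];
        }
    }
    return to.concat(ar || Array.prototype.slice.call(from));
};
Object.defineProperty(exports, "__esModule", { value: true });
exports.default = hardenReactMarkdown;
var jsx_runtime_1 = require("react/jsx-runtime");
var react_markdown_1 = require("react-markdown");
var rehype_harden_1 = require("rehype-harden");
/**
 * Wraps a react-markdown-compatible component so that every render goes
 * through the rehype-harden plugin and a data-URL-aware URL transform.
 *
 * The returned component accepts the wrapped component's props plus
 * `defaultOrigin`, `allowedLinkPrefixes`, `allowedImagePrefixes`,
 * `allowDataImages` and `allowedProtocols`. Those five values are forwarded
 * unchanged to rehype-harden; how they are enforced is decided by that plugin
 * and is not visible in this file.
 *
 * @param {Function} MarkdownComponent - component to wrap (e.g. react-markdown's default export).
 * @returns {Function} `HardenedReactMarkdown`, a component rendering `MarkdownComponent`.
 */
function hardenReactMarkdown(MarkdownComponent) {
    return function HardenedReactMarkdown(_a) {
        var defaultOrigin = _a.defaultOrigin,
            allowedLinkPrefixes = _a.allowedLinkPrefixes,
            allowedImagePrefixes = _a.allowedImagePrefixes,
            allowDataImages = _a.allowDataImages,
            allowedProtocols = _a.allowedProtocols,
            rehypePlugins = _a.rehypePlugins,
            urlTransform = _a.urlTransform,
            // Hardening options are stripped here so they are not passed to the
            // wrapped component as unknown props.
            props = __rest(_a, ["defaultOrigin", "allowedLinkPrefixes", "allowedImagePrefixes", "allowDataImages", "allowedProtocols", "rehypePlugins", "urlTransform"]);
        // URL transform that lets data:image/ URLs through for images when
        // allowDataImages is true; everything else is delegated.
        var customUrlTransform = function (url, key, node) {
            // The attribute name alone does not identify an image: other elements
            // can carry `src` if the pipeline produces them (for instance when a
            // raw-HTML plugin is configured). Require an <img> element so the
            // bypass matches its documented scope; anything else is delegated to
            // the caller's transform or the default one below.
            var isImageElement = node != null && node.tagName === "img";
            // NOTE(review): the prefix test accepts every data:image/* subtype and
            // skips the caller's urlTransform for these URLs; narrow it here if
            // only specific image formats are expected.
            if (allowDataImages && key === "src" && isImageElement && url.startsWith("data:image/")) {
                return url;
            }
            // Otherwise, use the provided urlTransform or react-markdown's default.
            return urlTransform
                ? urlTransform(url, key, node)
                : (0, react_markdown_1.defaultUrlTransform)(url);
        };
        return ((0, jsx_runtime_1.jsx)(MarkdownComponent, __assign({}, props, {
            // Set after `props`, so these two keys always take the values built here.
            urlTransform: customUrlTransform,
            // The harden plugin is appended after any caller-supplied plugins, so
            // it is the last entry in the list.
            rehypePlugins: __spreadArray(__spreadArray([], (rehypePlugins !== null && rehypePlugins !== void 0 ? rehypePlugins : []), true), [
                [
                    rehype_harden_1.harden,
                    {
                        defaultOrigin: defaultOrigin,
                        allowedLinkPrefixes: allowedLinkPrefixes,
                        allowedImagePrefixes: allowedImagePrefixes,
                        allowDataImages: allowDataImages,
                        allowedProtocols: allowedProtocols
                    },
                ],
            ], false)
        })));
    };
}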