@tiptap/extension-link
Advanced tools
@tiptap/extension-link - npm Package Compare versions
Comparing version 2.6.3 to 2.6.4
@@ -183,6 +183,16 @@ import { combineTransactionSteps, getChangedRanges, findChildrenInRange, getMarksBetween, getAttributes, Mark, mergeAttributes, markPasteRule } from '@tiptap/core'; | ||
| // https://github.com/cure53/DOMPurify/blob/main/src/regexp.js | ||
| const ATTR_WHITESPACE = /[\u0000-\u0020\u00A0\u1680\u180E\u2000-\u2029\u205F\u3000]/g; // eslint-disable-line no-control-regex | ||
| const IS_ALLOWED_URI = /^(?:(?:(?:f|ht)tps?|mailto|tel|callto|sms|cid|xmpp):|[^a-z]|[a-z+.\-]+(?:[^a-z+.\-:]|$))/i; // eslint-disable-line no-useless-escape | ||
| function isAllowedUri(uri) { | ||
| return !uri || uri.replace(ATTR_WHITESPACE, '').match(IS_ALLOWED_URI); | ||
| // eslint-disable-next-line no-control-regex | ||
| const ATTR_WHITESPACE = /[\u0000-\u0020\u00A0\u1680\u180E\u2000-\u2029\u205F\u3000]/g; | ||
| function isAllowedUri(uri, protocols) { | ||
| const allowedProtocols = ['http', 'https', 'ftp', 'ftps', 'mailto', 'tel', 'callto', 'sms', 'cid', 'xmpp']; | ||
| if (protocols) { | ||
| protocols.forEach(protocol => { | ||
| const nextProtocol = (typeof protocol === 'string' ? protocol : protocol.scheme); | ||
| if (nextProtocol) { | ||
| allowedProtocols.push(nextProtocol); | ||
| } | ||
| }); | ||
| } | ||
| // eslint-disable-next-line no-useless-escape | ||
| return !uri || uri.replace(ATTR_WHITESPACE, '').match(new RegExp(`^(?:(?:${allowedProtocols.join('|')}):|[^a-z]|[a-z+.\-]+(?:[^a-z+.\-:]|$))`, 'i')); | ||
| } | ||
@@ -253,3 +263,3 @@ /** | ||
| // prevent XSS attacks | ||
| if (!href || !isAllowedUri(href)) { | ||
| if (!href || !isAllowedUri(href, this.options.protocols)) { | ||
| return false; | ||
@@ -263,3 +273,3 @@ } | ||
| // prevent XSS attacks | ||
| if (!isAllowedUri(HTMLAttributes.href)) { | ||
| if (!isAllowedUri(HTMLAttributes.href, this.options.protocols)) { | ||
| // strip out the href | ||
@@ -266,0 +276,0 @@ return ['a', mergeAttributes(this.options.HTMLAttributes, { ...HTMLAttributes, href: '' }), 0]; |
@@ -185,6 +185,16 @@ (function (global, factory) { | ||
| // https://github.com/cure53/DOMPurify/blob/main/src/regexp.js | ||
| const ATTR_WHITESPACE = /[\u0000-\u0020\u00A0\u1680\u180E\u2000-\u2029\u205F\u3000]/g; // eslint-disable-line no-control-regex | ||
| const IS_ALLOWED_URI = /^(?:(?:(?:f|ht)tps?|mailto|tel|callto|sms|cid|xmpp):|[^a-z]|[a-z+.\-]+(?:[^a-z+.\-:]|$))/i; // eslint-disable-line no-useless-escape | ||
| function isAllowedUri(uri) { | ||
| return !uri || uri.replace(ATTR_WHITESPACE, '').match(IS_ALLOWED_URI); | ||
| // eslint-disable-next-line no-control-regex | ||
| const ATTR_WHITESPACE = /[\u0000-\u0020\u00A0\u1680\u180E\u2000-\u2029\u205F\u3000]/g; | ||
| function isAllowedUri(uri, protocols) { | ||
| const allowedProtocols = ['http', 'https', 'ftp', 'ftps', 'mailto', 'tel', 'callto', 'sms', 'cid', 'xmpp']; | ||
| if (protocols) { | ||
| protocols.forEach(protocol => { | ||
| const nextProtocol = (typeof protocol === 'string' ? protocol : protocol.scheme); | ||
| if (nextProtocol) { | ||
| allowedProtocols.push(nextProtocol); | ||
| } | ||
| }); | ||
| } | ||
| // eslint-disable-next-line no-useless-escape | ||
| return !uri || uri.replace(ATTR_WHITESPACE, '').match(new RegExp(`^(?:(?:${allowedProtocols.join('|')}):|[^a-z]|[a-z+.\-]+(?:[^a-z+.\-:]|$))`, 'i')); | ||
| } | ||
@@ -255,3 +265,3 @@ /** | ||
| // prevent XSS attacks | ||
| if (!href || !isAllowedUri(href)) { | ||
| if (!href || !isAllowedUri(href, this.options.protocols)) { | ||
| return false; | ||
@@ -265,3 +275,3 @@ } | ||
| // prevent XSS attacks | ||
| if (!isAllowedUri(HTMLAttributes.href)) { | ||
| if (!isAllowedUri(HTMLAttributes.href, this.options.protocols)) { | ||
| // strip out the href | ||
@@ -268,0 +278,0 @@ return ['a', core.mergeAttributes(this.options.HTMLAttributes, { ...HTMLAttributes, href: '' }), 0]; |
| { | ||
| "name": "@tiptap/extension-link", | ||
| "description": "link extension for tiptap", | ||
| "version": "2.6.3", | ||
| "version": "2.6.4", | ||
| "homepage": "https://tiptap.dev", | ||
@@ -35,8 +35,8 @@ "keywords": [ | ||
| "devDependencies": { | ||
| "@tiptap/core": "^2.6.3", | ||
| "@tiptap/pm": "^2.6.3" | ||
| "@tiptap/core": "^2.6.4", | ||
| "@tiptap/pm": "^2.6.4" | ||
| }, | ||
| "peerDependencies": { | ||
| "@tiptap/core": "^2.6.3", | ||
| "@tiptap/pm": "^2.6.3" | ||
| "@tiptap/core": "^2.6.4", | ||
| "@tiptap/pm": "^2.6.4" | ||
| }, | ||
@@ -43,0 +43,0 @@ "repository": { |
@@ -109,7 +109,20 @@ import { | ||
| // https://github.com/cure53/DOMPurify/blob/main/src/regexp.js | ||
| const ATTR_WHITESPACE = /[\u0000-\u0020\u00A0\u1680\u180E\u2000-\u2029\u205F\u3000]/g // eslint-disable-line no-control-regex | ||
| const IS_ALLOWED_URI = /^(?:(?:(?:f|ht)tps?|mailto|tel|callto|sms|cid|xmpp):|[^a-z]|[a-z+.\-]+(?:[^a-z+.\-:]|$))/i // eslint-disable-line no-useless-escape | ||
| // eslint-disable-next-line no-control-regex | ||
| const ATTR_WHITESPACE = /[\u0000-\u0020\u00A0\u1680\u180E\u2000-\u2029\u205F\u3000]/g | ||
| function isAllowedUri(uri: string | undefined) { | ||
| return !uri || uri.replace(ATTR_WHITESPACE, '').match(IS_ALLOWED_URI) | ||
| function isAllowedUri(uri: string | undefined, protocols?: LinkOptions['protocols']) { | ||
| const allowedProtocols: string[] = ['http', 'https', 'ftp', 'ftps', 'mailto', 'tel', 'callto', 'sms', 'cid', 'xmpp'] | ||
| if (protocols) { | ||
| protocols.forEach(protocol => { | ||
| const nextProtocol = (typeof protocol === 'string' ? protocol : protocol.scheme) | ||
| if (nextProtocol) { | ||
| allowedProtocols.push(nextProtocol) | ||
| } | ||
| }) | ||
| } | ||
| // eslint-disable-next-line no-useless-escape | ||
| return !uri || uri.replace(ATTR_WHITESPACE, '').match(new RegExp(`^(?:(?:${allowedProtocols.join('|')}):|[^a-z]|[a-z+.\-]+(?:[^a-z+.\-:]|$))`, 'i')) | ||
| } | ||
@@ -191,3 +204,3 @@ | ||
| // prevent XSS attacks | ||
| if (!href || !isAllowedUri(href)) { | ||
| if (!href || !isAllowedUri(href, this.options.protocols)) { | ||
| return false | ||
@@ -202,3 +215,3 @@ } | ||
| // prevent XSS attacks | ||
| if (!isAllowedUri(HTMLAttributes.href)) { | ||
| if (!isAllowedUri(HTMLAttributes.href, this.options.protocols)) { | ||
| // strip out the href | ||
@@ -205,0 +218,0 @@ return ['a', mergeAttributes(this.options.HTMLAttributes, { ...HTMLAttributes, href: '' }), 0] |
Sorry, the diff of this file is not supported yet
Sorry, the diff of this file is not supported yet
Sorry, the diff of this file is not supported yet
Sorry, the diff of this file is not supported yet
New alerts
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
Fixed alerts
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
Improved metrics
- Total package byte prevSize
- increased by1.6%
288029
- Lines of code
- increased by0.74%
5440