@tiptap/extension-link
Comparing version 2.6.3 to 2.6.4
@@ -183,6 +183,16 @@ import { combineTransactionSteps, getChangedRanges, findChildrenInRange, getMarksBetween, getAttributes, Mark, mergeAttributes, markPasteRule } from '@tiptap/core'; | ||
// https://github.com/cure53/DOMPurify/blob/main/src/regexp.js | ||
const ATTR_WHITESPACE = /[\u0000-\u0020\u00A0\u1680\u180E\u2000-\u2029\u205F\u3000]/g; // eslint-disable-line no-control-regex | ||
const IS_ALLOWED_URI = /^(?:(?:(?:f|ht)tps?|mailto|tel|callto|sms|cid|xmpp):|[^a-z]|[a-z+.\-]+(?:[^a-z+.\-:]|$))/i; // eslint-disable-line no-useless-escape | ||
function isAllowedUri(uri) { | ||
return !uri || uri.replace(ATTR_WHITESPACE, '').match(IS_ALLOWED_URI); | ||
// eslint-disable-next-line no-control-regex | ||
const ATTR_WHITESPACE = /[\u0000-\u0020\u00A0\u1680\u180E\u2000-\u2029\u205F\u3000]/g; | ||
function isAllowedUri(uri, protocols) { | ||
const allowedProtocols = ['http', 'https', 'ftp', 'ftps', 'mailto', 'tel', 'callto', 'sms', 'cid', 'xmpp']; | ||
if (protocols) { | ||
protocols.forEach(protocol => { | ||
const nextProtocol = (typeof protocol === 'string' ? protocol : protocol.scheme); | ||
if (nextProtocol) { | ||
allowedProtocols.push(nextProtocol); | ||
} | ||
}); | ||
} | ||
// eslint-disable-next-line no-useless-escape | ||
return !uri || uri.replace(ATTR_WHITESPACE, '').match(new RegExp(`^(?:(?:${allowedProtocols.join('|')}):|[^a-z]|[a-z+.\-]+(?:[^a-z+.\-:]|$))`, 'i')); | ||
} | ||
@@ -253,3 +263,3 @@ /** | ||
// prevent XSS attacks | ||
if (!href || !isAllowedUri(href)) { | ||
if (!href || !isAllowedUri(href, this.options.protocols)) { | ||
return false; | ||
@@ -263,3 +273,3 @@ } | ||
// prevent XSS attacks | ||
if (!isAllowedUri(HTMLAttributes.href)) { | ||
if (!isAllowedUri(HTMLAttributes.href, this.options.protocols)) { | ||
// strip out the href | ||
@@ -266,0 +276,0 @@ return ['a', mergeAttributes(this.options.HTMLAttributes, { ...HTMLAttributes, href: '' }), 0]; |
@@ -185,6 +185,16 @@ (function (global, factory) { | ||
// https://github.com/cure53/DOMPurify/blob/main/src/regexp.js | ||
const ATTR_WHITESPACE = /[\u0000-\u0020\u00A0\u1680\u180E\u2000-\u2029\u205F\u3000]/g; // eslint-disable-line no-control-regex | ||
const IS_ALLOWED_URI = /^(?:(?:(?:f|ht)tps?|mailto|tel|callto|sms|cid|xmpp):|[^a-z]|[a-z+.\-]+(?:[^a-z+.\-:]|$))/i; // eslint-disable-line no-useless-escape | ||
function isAllowedUri(uri) { | ||
return !uri || uri.replace(ATTR_WHITESPACE, '').match(IS_ALLOWED_URI); | ||
// eslint-disable-next-line no-control-regex | ||
const ATTR_WHITESPACE = /[\u0000-\u0020\u00A0\u1680\u180E\u2000-\u2029\u205F\u3000]/g; | ||
function isAllowedUri(uri, protocols) { | ||
const allowedProtocols = ['http', 'https', 'ftp', 'ftps', 'mailto', 'tel', 'callto', 'sms', 'cid', 'xmpp']; | ||
if (protocols) { | ||
protocols.forEach(protocol => { | ||
const nextProtocol = (typeof protocol === 'string' ? protocol : protocol.scheme); | ||
if (nextProtocol) { | ||
allowedProtocols.push(nextProtocol); | ||
} | ||
}); | ||
} | ||
// eslint-disable-next-line no-useless-escape | ||
return !uri || uri.replace(ATTR_WHITESPACE, '').match(new RegExp(`^(?:(?:${allowedProtocols.join('|')}):|[^a-z]|[a-z+.\-]+(?:[^a-z+.\-:]|$))`, 'i')); | ||
} | ||
@@ -255,3 +265,3 @@ /** | ||
// prevent XSS attacks | ||
if (!href || !isAllowedUri(href)) { | ||
if (!href || !isAllowedUri(href, this.options.protocols)) { | ||
return false; | ||
@@ -265,3 +275,3 @@ } | ||
// prevent XSS attacks | ||
if (!isAllowedUri(HTMLAttributes.href)) { | ||
if (!isAllowedUri(HTMLAttributes.href, this.options.protocols)) { | ||
// strip out the href | ||
@@ -268,0 +278,0 @@ return ['a', core.mergeAttributes(this.options.HTMLAttributes, { ...HTMLAttributes, href: '' }), 0]; |
{ | ||
"name": "@tiptap/extension-link", | ||
"description": "link extension for tiptap", | ||
"version": "2.6.3", | ||
"version": "2.6.4", | ||
"homepage": "https://tiptap.dev", | ||
@@ -35,8 +35,8 @@ "keywords": [ | ||
"devDependencies": { | ||
"@tiptap/core": "^2.6.3", | ||
"@tiptap/pm": "^2.6.3" | ||
"@tiptap/core": "^2.6.4", | ||
"@tiptap/pm": "^2.6.4" | ||
}, | ||
"peerDependencies": { | ||
"@tiptap/core": "^2.6.3", | ||
"@tiptap/pm": "^2.6.3" | ||
"@tiptap/core": "^2.6.4", | ||
"@tiptap/pm": "^2.6.4" | ||
}, | ||
@@ -43,0 +43,0 @@ "repository": { |
@@ -109,7 +109,20 @@ import { | ||
// https://github.com/cure53/DOMPurify/blob/main/src/regexp.js | ||
const ATTR_WHITESPACE = /[\u0000-\u0020\u00A0\u1680\u180E\u2000-\u2029\u205F\u3000]/g // eslint-disable-line no-control-regex | ||
const IS_ALLOWED_URI = /^(?:(?:(?:f|ht)tps?|mailto|tel|callto|sms|cid|xmpp):|[^a-z]|[a-z+.\-]+(?:[^a-z+.\-:]|$))/i // eslint-disable-line no-useless-escape | ||
// eslint-disable-next-line no-control-regex | ||
const ATTR_WHITESPACE = /[\u0000-\u0020\u00A0\u1680\u180E\u2000-\u2029\u205F\u3000]/g | ||
function isAllowedUri(uri: string | undefined) { | ||
return !uri || uri.replace(ATTR_WHITESPACE, '').match(IS_ALLOWED_URI) | ||
function isAllowedUri(uri: string | undefined, protocols?: LinkOptions['protocols']) { | ||
const allowedProtocols: string[] = ['http', 'https', 'ftp', 'ftps', 'mailto', 'tel', 'callto', 'sms', 'cid', 'xmpp'] | ||
if (protocols) { | ||
protocols.forEach(protocol => { | ||
const nextProtocol = (typeof protocol === 'string' ? protocol : protocol.scheme) | ||
if (nextProtocol) { | ||
allowedProtocols.push(nextProtocol) | ||
} | ||
}) | ||
} | ||
// eslint-disable-next-line no-useless-escape | ||
return !uri || uri.replace(ATTR_WHITESPACE, '').match(new RegExp(`^(?:(?:${allowedProtocols.join('|')}):|[^a-z]|[a-z+.\-]+(?:[^a-z+.\-:]|$))`, 'i')) | ||
} | ||
@@ -191,3 +204,3 @@ | ||
// prevent XSS attacks | ||
if (!href || !isAllowedUri(href)) { | ||
if (!href || !isAllowedUri(href, this.options.protocols)) { | ||
return false | ||
@@ -202,3 +215,3 @@ } | ||
// prevent XSS attacks | ||
if (!isAllowedUri(HTMLAttributes.href)) { | ||
if (!isAllowedUri(HTMLAttributes.href, this.options.protocols)) { | ||
// strip out the href | ||
@@ -205,0 +218,0 @@ return ['a', mergeAttributes(this.options.HTMLAttributes, { ...HTMLAttributes, href: '' }), 0] |
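Review bot: The pattern in `isAllowedUri` is now built from a template literal, where `\-` is cooked to a plain `-`, so the trailing class becomes `[^a-z+.-:]` and `.-:` is read as a range (`.` through `:`) instead of three literal characters. The hyphen is therefore no longer excluded after the scheme-like prefix: a URI whose scheme contains `-` and is not on the allowlist now passes the check, while relative links such as `docs/page` or `page2`, which the old regex literal accepted, are rejected. Doubling the backslashes inside the template restores the original class: `[a-z+.\\-]+(?:[^a-z+.\\-:]|$)`. The configured `protocols` entries are also joined into the pattern unescaped, so a scheme containing `+` or `.` is interpreted as regex syntax; escaping each entry before `join('|')` would keep the allowlist exact. The same line appears in the two earlier sections of this page, which look like build output of this source.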