gitter-markdown-processor
Advanced tools
Comparing version 16.0.0 to 17.0.0
@@ -0,1 +1,3 @@ | ||
/* eslint-disable func-names */ | ||
'use strict'; | ||
@@ -136,3 +138,11 @@ | ||
const normalizeIdn = urlString => { | ||
const parsedUrl = new URL(urlString); | ||
let parsedUrl; | ||
try { | ||
parsedUrl = new URL(urlString); | ||
} catch (err) { | ||
// If the URL was malformed and could not be parsed, then we don't have to | ||
// worry about it being a IDN link anyway because it won't work at all | ||
return urlString; | ||
} | ||
if (startsWith(parsedUrl.host, 'xn--')) { | ||
@@ -150,3 +160,3 @@ return parsedUrl.href; | ||
function validateUrl(urlString) { | ||
function escapeDangerousUrl(urlString) { | ||
if (!urlString) return ''; | ||
@@ -272,3 +282,3 @@ return [urlString] | ||
renderer.link = (href, title, text) => { | ||
const validatedHref = validateUrl(href); | ||
const validatedHref = escapeDangerousUrl(href); | ||
const urlData = matcher(href); | ||
@@ -295,3 +305,3 @@ const showTooltip = validatedHref !== href ? 'link-tooltip' : ''; | ||
renderer.image = function(href, title, text) { | ||
href = validateUrl(href); | ||
href = escapeDangerousUrl(href); | ||
href = generateProxyUrl(camoUrl, camoSecret, href); | ||
@@ -326,3 +336,3 @@ | ||
renderer.email = function(href, title, text) { | ||
validateUrl(href); | ||
escapeDangerousUrl(href); | ||
@@ -329,0 +339,0 @@ renderContext.urls.push({ url: href }); |
{ | ||
"name": "gitter-markdown-processor", | ||
"version": "16.0.0", | ||
"version": "17.0.0", | ||
"description": "parses gitter chat messages, but in its own process", | ||
@@ -5,0 +5,0 @@ "main": "index.js", |
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
45812
40
863