Bump sanitize-svg

Signed-off-by: John Molakvoæ (skjnldsv) <skjnldsv@protonmail.com>
This commit is contained in:
John Molakvoæ (skjnldsv) 2020-09-08 18:39:45 +02:00
parent 02c9ff36b6
commit 4ef681f382
No known key found for this signature in database
GPG Key ID: 60C25B8C072916CF
3 changed files with 5 additions and 21 deletions

package-lock.json generated

@ -2386,9 +2386,9 @@
}
},
"@mattkrick/sanitize-svg": {
"version": "0.2.1",
"resolved": "https://registry.npmjs.org/@mattkrick/sanitize-svg/-/sanitize-svg-0.2.1.tgz",
"integrity": "sha512-9T5xb8pq0GLNuKmKbXLvILOi1bQeu9FzAup+dB3zWRgzOVh40yE0YqWY/lrKzBrpj968ZaKTxegTwU1zyRtfBA=="
"version": "0.3.0",
"resolved": "https://registry.npmjs.org/@mattkrick/sanitize-svg/-/sanitize-svg-0.3.0.tgz",
"integrity": "sha512-27VQZEqdRWRVfyaAxoygrD4SJmuYP9O6Nj06lCv6y/Aex5AverXPCSeTUC1oL4XOKvstxUhFaUDXlYwpZExPow=="
},
"@nextcloud/auth": {
"version": "1.3.0",


@ -33,7 +33,7 @@
"stylelint:fix": "stylelint src --fix"
},
"dependencies": {
"@mattkrick/sanitize-svg": "^0.2.1",
"@mattkrick/sanitize-svg": "^0.3.0",
"@nextcloud/auth": "^1.3.0",
"@nextcloud/axios": "^1.4.0",
"@nextcloud/dialogs": "^2.0.1",


@ -236,8 +236,7 @@ export default {
if (e.target.result.indexOf('image/svg') > -1) {
const imageSvg = atob(imageBase64)
const cleanSvg = await sanitizeSVG(imageSvg)
// TODO: replace haveUnsafeSvgEvents with https://github.com/mattkrick/sanitize-svg/pull/2
if (!cleanSvg || self.haveUnsafeSvgEvents(imageSvg)) {
if (!cleanSvg) {
throw new Error('Unsafe svg image', imageSvg)
}
}
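Review bot: The `throw new Error('Unsafe svg image', imageSvg)` that the new branch still reaches silently drops its second argument — the Error constructor takes only a message (an options bag such as `{ cause }` in newer engines), so the rejected SVG text is never attached and the call reads as if it were; either drop the argument, `throw new Error('Unsafe svg image')`, or attach it deliberately, bearing in mind that raw untrusted SVG source on an error object may end up in logs or UI. With the local `haveUnsafeSvgEvents` guard removed, rejection of event-handler attributes (`onload` etc.) now rests entirely on `sanitizeSVG` returning a falsy value for them; the deleted TODO pointed at an upstream PR for exactly that, so this is worth confirming against the 0.3.0 code rather than assumed from the version bump. I would also note in a comment above the check that this is a client-side pre-check only and the server must validate uploaded SVGs independently, e.g. `// Client-side guard only; server-side validation must not rely on this`. The enclosing function starts before and continues past this hunk, so whether the code later uses `cleanSvg` or the original `imageSvg` is not visible here.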
@ -262,21 +261,6 @@ export default {
}
},
/**
* Does the provided svg have unsafe js events
* @param {string} svgText the svg as string
* @returns {boolean}
*/
haveUnsafeSvgEvents(svgText) {
const div = window.document.createElement('div')
div.innerHTML = svgText
const svgEl = div.firstElementChild
const attributes = [].slice.call(svgEl.attributes) || []
const events = attributes.filter(attr => attr.name.indexOf('on') === 0)
return events.length !== 0
},
/**
* Reset image pciker input
*/