Bump sanitize-svg
Signed-off-by: John Molakvoæ (skjnldsv) <skjnldsv@protonmail.com>
parent
02c9ff36b6
commit
4ef681f382
|
@ -2386,9 +2386,9 @@
|
|||
}
|
||||
},
|
||||
"@mattkrick/sanitize-svg": {
|
||||
"version": "0.2.1",
|
||||
"resolved": "https://registry.npmjs.org/@mattkrick/sanitize-svg/-/sanitize-svg-0.2.1.tgz",
|
||||
"integrity": "sha512-9T5xb8pq0GLNuKmKbXLvILOi1bQeu9FzAup+dB3zWRgzOVh40yE0YqWY/lrKzBrpj968ZaKTxegTwU1zyRtfBA=="
|
||||
"version": "0.3.0",
|
||||
"resolved": "https://registry.npmjs.org/@mattkrick/sanitize-svg/-/sanitize-svg-0.3.0.tgz",
|
||||
"integrity": "sha512-27VQZEqdRWRVfyaAxoygrD4SJmuYP9O6Nj06lCv6y/Aex5AverXPCSeTUC1oL4XOKvstxUhFaUDXlYwpZExPow=="
|
||||
},
|
||||
"@nextcloud/auth": {
|
||||
"version": "1.3.0",
|
||||
|
|
|
@ -33,7 +33,7 @@
|
|||
"stylelint:fix": "stylelint src --fix"
|
||||
},
|
||||
"dependencies": {
|
||||
"@mattkrick/sanitize-svg": "^0.2.1",
|
||||
"@mattkrick/sanitize-svg": "^0.3.0",
|
||||
"@nextcloud/auth": "^1.3.0",
|
||||
"@nextcloud/axios": "^1.4.0",
|
||||
"@nextcloud/dialogs": "^2.0.1",
|
||||
|
|
|
@ -236,8 +236,7 @@ export default {
|
|||
if (e.target.result.indexOf('image/svg') > -1) {
|
||||
const imageSvg = atob(imageBase64)
|
||||
const cleanSvg = await sanitizeSVG(imageSvg)
|
||||
// TODO: replace haveUnsafeSvgEvents with https://github.com/mattkrick/sanitize-svg/pull/2
|
||||
if (!cleanSvg || self.haveUnsafeSvgEvents(imageSvg)) {
|
||||
if (!cleanSvg) {
|
||||
throw new Error('Unsafe svg image', imageSvg)
|
||||
}
|
||||
}
|
||||
|
@ -262,21 +261,6 @@ export default {
|
|||
}
|
||||
},
|
||||
|
||||
/**
|
||||
* Does the provided svg have unsafe js events
|
||||
* @param {string} svgText the svg as string
|
||||
* @returns {boolean}
|
||||
*/
|
||||
haveUnsafeSvgEvents(svgText) {
|
||||
const div = window.document.createElement('div')
|
||||
div.innerHTML = svgText
|
||||
|
||||
const svgEl = div.firstElementChild
|
||||
const attributes = [].slice.call(svgEl.attributes) || []
|
||||
const events = attributes.filter(attr => attr.name.indexOf('on') === 0)
|
||||
return events.length !== 0
|
||||
},
|
||||
|
||||
/**
|
||||
* Reset image pciker input
|
||||
*/
|
||||
|
|
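Review bot: With `haveUnsafeSvgEvents` removed, the `if (!cleanSvg)` check in the first hunk of this file is the only gate on an uploaded SVG, so rejecting `on*` event-handler attributes now depends entirely on what `sanitizeSVG` returns in 0.3.0. Nothing on the page pins that behaviour; a unit test that feeds an SVG carrying an event-handler attribute and expects the 'Unsafe svg image' error would catch a later dependency change, and a comment such as `// relies on @mattkrick/sanitize-svg ^0.3.0 to reject event-handler attributes (replaces haveUnsafeSvgEvents)` would record why the helper could go. Separately, `new Error('Unsafe svg image', imageSvg)` passes the SVG text as a second argument, which `Error` does not use when it is a string; drop it, or log it separately if it is wanted for diagnostics. The enclosing function starts and ends outside the hunk, so whether the image used afterwards is `cleanSvg` or the original `imageBase64` cannot be checked from here.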