nickgros committed Sep 11, 2024
1 parent 50c77ea commit 43500b7
Showing 3 changed files with 4 additions and 102 deletions.
4 changes: 2 additions & 2 deletions package.json
@@ -19,7 +19,7 @@
"markdown-it-sup": "^2.0.0",
"markdown-it-synapse": "^1.1.16",
"markdown-it-synapse-heading": "^1.0.1",
"markdown-it-synapse-table": "^1.0.6",
"markdown-it-synapse-table": "^1.0.8",
"moment": "^2.29.4",
"papaparse": "^5.4.1",
"pica": "6.0.0",
@@ -34,7 +34,7 @@
"react-transition-group": "2.6.0",
"sass": "^1.63.6",
"spark-md5": "^3.0.2",
"synapse-react-client": "3.3.11",
"synapse-react-client": "3.3.12",
"universal-cookie": "^4.0.4",
"xss": "^1.0.15"
},
2 changes: 1 addition & 1 deletion pom.xml
@@ -577,7 +577,7 @@
/>

<copy
file="${project.basedir}/node_modules/markdown-it-synapse-table/dist/markdown-it-synapse-table.min.js"
file="${project.basedir}/node_modules/markdown-it-synapse-table/dist/index.umd.cjs"
tofile="src/main/webapp/generated/markdown-it-synapse-table.js"
/>
<copy
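Review bot: The new `<copy>` source `dist/index.umd.cjs` hard-codes the dist layout of one markdown-it-synapse-table release, while package.json in this same commit accepts any `^1.0.8` version. The file name appears to have changed between the two versions this commit spans, so a later install within that range could move it again. A comment above the task such as `<!-- path follows markdown-it-synapse-table's dist layout; re-check on every version bump -->` would record the coupling, and pinning the exact version in package.json would remove it. The enclosing Ant target starts and ends outside the hunk.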
@@ -623,105 +623,7 @@ public String sanitizeHtml(String html) {

private static final native boolean initFilterXss() /*-{
try {
var options = {
whiteList : {
a : [ 'target', 'href', 'title', 'ref' ],
abbr : [ 'title' ],
address : [],
area : [ 'shape', 'coords', 'href', 'alt' ],
article : [],
aside : [],
audio : [ 'autoplay', 'controls', 'loop', 'preload', 'src' ],
b : [],
bdi : [ 'dir' ],
bdo : [ 'dir' ],
big : [],
blockquote : [ 'cite' ],
body : [],
br : [],
caption : [],
center : [],
cite : [],
code : [],
col : [ 'align', 'valign', 'span', 'width' ],
colgroup : [ 'align', 'valign', 'span', 'width' ],
dd : [],
del : [ 'datetime' ],
details : [ 'open' ],
div : [ 'class' ],
dl : [],
dt : [],
em : [],
font : [ 'color', 'size', 'face' ],
footer : [],
h1 : [ 'toc' ],
h2 : [ 'toc' ],
h3 : [ 'toc' ],
h4 : [ 'toc' ],
h5 : [ 'toc' ],
h6 : [ 'toc' ],
head : [],
header : [],
hr : [],
html : [],
i : [],
img : [ 'src', 'alt', 'title', 'width', 'height' ],
ins : [ 'datetime' ],
li : [],
mark : [],
nav : [],
noscript : [],
ol : [],
p : [],
pre : [],
s : [],
section : [],
small : [],
span : [ 'data-widgetparams', 'class', 'id' ],
sub : [],
summary : [],
sup : [],
strong : [],
table : [ 'width', 'border', 'align', 'valign', 'class' ],
tbody : [ 'align', 'valign' ],
td : [ 'width', 'rowspan', 'colspan', 'align', 'valign' ],
tfoot : [ 'align', 'valign' ],
th : [ 'width', 'rowspan', 'colspan', 'align', 'valign',
'class' ],
thead : [ 'align', 'valign' ],
tr : [ 'rowspan', 'align', 'valign' ],
tt : [],
u : [],
ul : [],
video : [ 'autoplay', 'controls', 'loop', 'preload', 'src',
'height', 'width' ]
},
stripIgnoreTagBody : true, // filter out all tags not in the whitelist
allowCommentTag : false,
css : false,
onIgnoreTag : function(tag, html, options) {
if (tag === '!doctype') {
// do not filter doctype
return html;
}
},
safeAttrValue: function(tag, name, value) {
// Apply default safeAttrValue filtering:
value = $wnd.filterXSS.safeAttrValue(tag, name, value);
if (tag === 'img' && name === 'src') {
if (
!(
value &&
(value.startsWith('data:image/') || value.startsWith('http'))
)
) {
return ''
}
}
value = $wnd.filterXSS.escapeAttrValue(value)
return value
}
}
var options = $wnd.SRC.xssOptions;
$wnd.xss = new $wnd.filterXSS.FilterXSS(options)
return true
} catch (err) {
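Review bot: `var options = $wnd.SRC.xssOptions;` is used without checking that it resolved to an object, although the sanitizer's whole policy now comes from that one global. If `$wnd.SRC` is loaded but `xssOptions` is missing (an older or differently built bundle), `new $wnd.filterXSS.FilterXSS(options)` will, as far as I know, fall back to the library's default allow-list instead of failing, which silently drops the `stripIgnoreTagBody` setting and the `img` `src` scheme check that the removed literal carried. Failing closed inside the `try` avoids that: `if (!options || !options.whiteList) { throw new Error('SRC.xssOptions is missing'); }`. A short comment saying that the allow-list is defined in synapse-react-client, so bumps of that package are sanitizer-policy changes, would also help; the `catch` body and the rest of `initFilterXss` lie outside the hunk, so how a failure is reported cannot be seen here.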