eightequal/AstralRinth
1
0
Fork 0
forked from didirus/AstralRinth
Code Pull Requests Activity

Fix wrong func being parsed, md parser (#1169)

Browse Source
This commit is contained in:
Geometrically
2023-05-28 16:00:25 -04:00
committed by GitHub
parent 3b0dc2195d
commit 273a69258a
3 changed files with 17 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
helpers/parse.js
View File

@@ -19,6 +19,11 @@ export const configuredXss = new xss.FilterXSS({
area: [...xss.whiteList.a, 'coords'], area: [...xss.whiteList.a, 'coords'],
a: [...xss.whiteList.a, 'rel'], a: [...xss.whiteList.a, 'rel'],
}, },
css: {
whiteList: {
'image-rendering': /^pixelated$/,
},
},
onIgnoreTagAttr: (tag, name, value) => { onIgnoreTagAttr: (tag, name, value) => {
// Allow iframes from acceptable sources // Allow iframes from acceptable sources
if (tag === 'iframe' && name === 'src') { if (tag === 'iframe' && name === 'src') {
@@ -53,7 +58,7 @@ export const configuredXss = new xss.FilterXSS({
return name + '="' + xss.escapeAttrValue(value) + '"' return name + '="' + xss.escapeAttrValue(value) + '"'
} }
}, },
safeAttrValue(tag, name, value, _cssFilter) { safeAttrValue(tag, name, value, cssFilter) {
if (tag === 'img' && name === 'src' && !value.startsWith('data:')) { if (tag === 'img' && name === 'src' && !value.startsWith('data:')) {
try { try {
const url = new URL(value) const url = new URL(value)
@@ -75,12 +80,17 @@ export const configuredXss = new xss.FilterXSS({
] ]
if (!allowedHostnames.includes(url.hostname)) { if (!allowedHostnames.includes(url.hostname)) {
return `https://wsrv.nl/?url=${encodeURIComponent(value)}&n=-1` return xss.safeAttrValue(
tag,
name,
`https://wsrv.nl/?url=${encodeURIComponent(value)}&n=-1`,
cssFilter
)
} }
} catch (err) {} } catch (err) {}
} }
return value return xss.safeAttrValue(tag, name, value, cssFilter)
}, },
}) })

6
layouts/default.vue
View File

@@ -297,7 +297,9 @@
<nuxt-link to="/legal/terms"> Terms</nuxt-link> <nuxt-link to="/legal/terms"> Terms</nuxt-link>
<nuxt-link to="/legal/privacy"> Privacy</nuxt-link> <nuxt-link to="/legal/privacy"> Privacy</nuxt-link>
<nuxt-link to="/legal/rules"> Rules</nuxt-link> <nuxt-link to="/legal/rules"> Rules</nuxt-link>
<a :target="$external()" href="https://careers.modrinth.com"> Careers </a> <a :target="$external()" href="https://careers.modrinth.com"
>Careers <span class="count-bubble">1</span></a
>
</div> </div>
<div class="links links-2" role="region" aria-label="Resources"> <div class="links links-2" role="region" aria-label="Resources">
<h4 aria-hidden="true">Resources</h4> <h4 aria-hidden="true">Resources</h4>
@@ -1041,7 +1043,7 @@ export default defineNuxtComponent({
border-radius: 5rem; border-radius: 5rem;
background: var(--color-brand); background: var(--color-brand);
color: var(--color-text-inverted); color: var(--color-text-inverted);
padding: 0 0.25rem; padding: 0 0.35rem;
margin-left: 0.25rem; margin-left: 0.25rem;
} }
} }

2
nuxt.config.ts
View File

@@ -173,8 +173,6 @@ export default defineNuxtConfig({
}, },
runtimeConfig: { runtimeConfig: {
apiBaseUrl: process.env.BASE_URL ?? getApiUrl(), apiBaseUrl: process.env.BASE_URL ?? getApiUrl(),
ariadneBaseUrl: process.env.ARIADNE_URL ?? getAriadneUrl(),
ariadneAdminKey: process.env.ARIADNE_ADMIN_KEY,
rateLimitKey: process.env.RATE_LIMIT_IGNORE_KEY, rateLimitKey: process.env.RATE_LIMIT_IGNORE_KEY,
public: { public: {
apiBaseUrl: getApiUrl(), apiBaseUrl: getApiUrl(),