Fix data URL filtering (#1111)

* Fix data URL filtering * upgrade nuxt
2023-04-21 18:39:11 -07:00
parent 5527170fab
commit 4be6b11c1e
3 changed files with 354 additions and 357 deletions
--- a/helpers/parse.js
+++ b/helpers/parse.js
@@ -57,7 +57,7 @@ export const configuredXss = new xss.FilterXSS({
    }
  },
  safeAttrValue(tag, name, value, _cssFilter) {
-    if (tag === 'img' && name === 'src') {
+    if (tag === 'img' && name === 'src' && !value.startsWith('data:')) {
      try {
        const url = new URL(value)

@@ -72,6 +72,7 @@ export const configuredXss = new xss.FilterXSS({
          'raw.githubusercontent.com',
          'img.shields.io',
          'i.postimg.cc',
+          'wsrv.nl',
        ]

        if (!allowedHostnames.includes(url.hostname)) {
--- a/package.json
+++ b/package.json
@@ -17,7 +17,7 @@
    "eslint": "^8.33.0",
    "eslint-config-prettier": "^8.6.0",
    "eslint-plugin-vue": "^9.9.0",
-    "nuxt": "^3.4.1",
+    "nuxt": "^3.4.2",
    "prettier": "^2.8.3",
    "sass": "^1.58.0",
    "typescript": "^4.9.5",
--- a/yarn.lock
+++ b/yarn.lock