Fix data URL filtering (#1111)

* Fix data URL filtering

* upgrade nuxt
This commit is contained in:
Geometrically
2023-04-21 18:39:11 -07:00
committed by GitHub
parent 5527170fab
commit 4be6b11c1e
3 changed files with 354 additions and 357 deletions

View File

@@ -57,7 +57,7 @@ export const configuredXss = new xss.FilterXSS({
}
},
safeAttrValue(tag, name, value, _cssFilter) {
if (tag === 'img' && name === 'src') {
if (tag === 'img' && name === 'src' && !value.startsWith('data:')) {
try {
const url = new URL(value)
@@ -72,6 +72,7 @@ export const configuredXss = new xss.FilterXSS({
'raw.githubusercontent.com',
'img.shields.io',
'i.postimg.cc',
'wsrv.nl',
]
if (!allowedHostnames.includes(url.hostname)) {