Fix data URL filtering (#1111)

* Fix data URL filtering * upgrade nuxt
2023-04-21 18:39:11 -07:00
parent 5527170fab
commit 4be6b11c1e
3 changed files with 354 additions and 357 deletions
--- a/helpers/parse.js
+++ b/helpers/parse.js
@@ -57,7 +57,7 @@ export const configuredXss = new xss.FilterXSS({
    }
  },
  safeAttrValue(tag, name, value, _cssFilter) {
-    if (tag === 'img' && name === 'src') {
+    if (tag === 'img' && name === 'src' && !value.startsWith('data:')) {
      try {
        const url = new URL(value)

@@ -72,6 +72,7 @@ export const configuredXss = new xss.FilterXSS({
          'raw.githubusercontent.com',
          'img.shields.io',
          'i.postimg.cc',
+          'wsrv.nl',
        ]

        if (!allowedHostnames.includes(url.hostname)) {