Allow base 64 url as images for static maps (#1007)

* allow base-64 url as images

* Add option to config

* Refactoring

* Update docs

* feat: added base64 url images lint

Signed-off-by: Boon Boonsiri <bboonsir@uwaterloo.ca>

---------

Signed-off-by: Boon Boonsiri <bboonsir@uwaterloo.ca>

docs/config.rst

@@ -157,6 +157,13 @@ Allows the rendering of marker icons fetched via http(s) hyperlinks.
 For security reasons only allow this if you can control the origins from where the markers are fetched!
 Default is to disallow fetching of icons from remote sources.
 
+``allowInlineMarkerImages``
+--------------
+Allows the rendering of inline marker icons or base64 urls.
+For security reasons only allow this if you can control the origins from where the markers are fetched!
+Not used by default.
+
+
 ``styles``
 ==========
 

src/serve_rendered.js

@@ -279,7 +279,10 @@ const extractMarkersFromQuery = (query, options, transformer) => {
     let iconURI = markerParts[1];
     // Check if icon is served via http otherwise marker icons are expected to
     // be provided as filepaths relative to configured icon path
-    if (!(iconURI.startsWith('http://') || iconURI.startsWith('https://'))) {
+    const isRemoteURL =
+      iconURI.startsWith('http://') || iconURI.startsWith('https://');
+    const isDataURL = iconURI.startsWith('data:');
+    if (!(isRemoteURL || isDataURL)) {
       // Sanitize URI with sanitize-filename
       // https://www.npmjs.com/package/sanitize-filename#details
       iconURI = sanitize(iconURI);
@@ -292,7 +295,9 @@ const extractMarkersFromQuery = (query, options, transformer) => {
       iconURI = path.resolve(options.paths.icons, iconURI);
 
       // When we encounter a remote icon check if the configuration explicitly allows them.
-    } else if (options.allowRemoteMarkerIcons !== true) {
+    } else if (isRemoteURL && options.allowRemoteMarkerIcons !== true) {
+      continue;
+    } else if (isDataURL && options.allowInlineMarkerImages !== true) {
       continue;
     }