toeverything/AFFiNE
1
1
Fork 0
mirror of https://github.com/toeverything/AFFiNE.git synced 2024-12-22 18:11:32 +03:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #273 from toeverything/feat/security-scan

Browse Source 
Feat/security scan
This commit is contained in:
Chi Zhang 2022-08-17 11:05:22 +08:00 committed by GitHub
commit 1deae12641
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
4 changed files with 14 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
libs/components/editor-blocks/src/blocks/figma/index.ts
View File

@ -1,9 +1,9 @@
import { Protocol } from '@toeverything/datasource/db-service';
import {
AsyncBlock,
BaseView,
SelectBlock,
} from '@toeverything/framework/virgo';
import { Protocol, services } from '@toeverything/datasource/db-service';
import { FigmaView } from './FigmaView';
export class FigmaBlock extends BaseView {
@ -19,7 +19,10 @@ export class FigmaBlock extends BaseView {
const tag_name = el.tagName;
if (tag_name === 'A' && el.parentElement?.childElementCount === 1) {
const href = el.getAttribute('href');
if (href.indexOf('.figma.com') !== -1) {
const allowedHosts = ['www.figma.com'];
const host = new URL(href).host;
if (allowedHosts.includes(host)) {
return [
{
type: this.type,

2
libs/components/editor-blocks/src/blocks/group/utils/weak-sql/weakSqlCreator.ts
View File

@ -49,7 +49,7 @@ const weakSqlCreator = (weak_sql_express = ''): Promise<Constraint[]> => {
constraints.push({
field: field.trim(),
relation: relation.trim() as Relation,
value: pickValue(value.replace(/&&|&|;/, '').trim()),
value: pickValue(value.replace(/&&|&|;/g, '').trim()),
});
/* meaningless return value */

7
libs/components/editor-blocks/src/blocks/youtube/index.ts
View File

@ -1,9 +1,9 @@
import { Protocol } from '@toeverything/datasource/db-service';
import {
AsyncBlock,
BaseView,
SelectBlock,
} from '@toeverything/framework/virgo';
import { Protocol } from '@toeverything/datasource/db-service';
import { YoutubeView } from './YoutubeView';
export class YoutubeBlock extends BaseView {
@ -19,7 +19,10 @@ export class YoutubeBlock extends BaseView {
const tag_name = el.tagName;
if (tag_name === 'A' && el.parentElement?.childElementCount === 1) {
const href = el.getAttribute('href');
if (href.indexOf('.youtube.com') !== -1) {
const allowedHosts = ['www.youtu.be', 'www.youtube.com'];
const host = new URL(href).host;
if (allowedHosts.includes(host)) {
return [
{
type: this.type,

4
libs/components/editor-blocks/src/components/source-view/format-url/youtube.ts
View File

@ -1,5 +1,7 @@
export const isYoutubeUrl = (url?: string): boolean => {
return url.includes('youtu.be') || url.includes('youtube.com');
const allowedHosts = ['www.youtu.be', 'www.youtube.com'];
const host = new URL(url).host;
return allowedHosts.includes(host);
};
const _regexp = /.*(?:youtu.be\/|v\/|u\/\w\/|embed\/|watch\?v=)([^#&?]*).*/;