mirror of
https://github.com/toeverything/AFFiNE.git
synced 2024-12-23 05:42:30 +03:00
Merge pull request #273 from toeverything/feat/security-scan
Feat/security scan
This commit is contained in:
commit
1deae12641
@ -1,9 +1,9 @@
|
|||||||
|
import { Protocol } from '@toeverything/datasource/db-service';
|
||||||
import {
|
import {
|
||||||
AsyncBlock,
|
AsyncBlock,
|
||||||
BaseView,
|
BaseView,
|
||||||
SelectBlock,
|
SelectBlock,
|
||||||
} from '@toeverything/framework/virgo';
|
} from '@toeverything/framework/virgo';
|
||||||
import { Protocol, services } from '@toeverything/datasource/db-service';
|
|
||||||
import { FigmaView } from './FigmaView';
|
import { FigmaView } from './FigmaView';
|
||||||
|
|
||||||
export class FigmaBlock extends BaseView {
|
export class FigmaBlock extends BaseView {
|
||||||
@ -19,7 +19,10 @@ export class FigmaBlock extends BaseView {
|
|||||||
const tag_name = el.tagName;
|
const tag_name = el.tagName;
|
||||||
if (tag_name === 'A' && el.parentElement?.childElementCount === 1) {
|
if (tag_name === 'A' && el.parentElement?.childElementCount === 1) {
|
||||||
const href = el.getAttribute('href');
|
const href = el.getAttribute('href');
|
||||||
if (href.indexOf('.figma.com') !== -1) {
|
const allowedHosts = ['www.figma.com'];
|
||||||
|
const host = new URL(href).host;
|
||||||
|
|
||||||
|
if (allowedHosts.includes(host)) {
|
||||||
return [
|
return [
|
||||||
{
|
{
|
||||||
type: this.type,
|
type: this.type,
|
||||||
|
@ -49,7 +49,7 @@ const weakSqlCreator = (weak_sql_express = ''): Promise<Constraint[]> => {
|
|||||||
constraints.push({
|
constraints.push({
|
||||||
field: field.trim(),
|
field: field.trim(),
|
||||||
relation: relation.trim() as Relation,
|
relation: relation.trim() as Relation,
|
||||||
value: pickValue(value.replace(/&&|&|;/, '').trim()),
|
value: pickValue(value.replace(/&&|&|;/g, '').trim()),
|
||||||
});
|
});
|
||||||
|
|
||||||
/* meaningless return value */
|
/* meaningless return value */
|
||||||
|
@ -1,9 +1,9 @@
|
|||||||
|
import { Protocol } from '@toeverything/datasource/db-service';
|
||||||
import {
|
import {
|
||||||
AsyncBlock,
|
AsyncBlock,
|
||||||
BaseView,
|
BaseView,
|
||||||
SelectBlock,
|
SelectBlock,
|
||||||
} from '@toeverything/framework/virgo';
|
} from '@toeverything/framework/virgo';
|
||||||
import { Protocol } from '@toeverything/datasource/db-service';
|
|
||||||
import { YoutubeView } from './YoutubeView';
|
import { YoutubeView } from './YoutubeView';
|
||||||
|
|
||||||
export class YoutubeBlock extends BaseView {
|
export class YoutubeBlock extends BaseView {
|
||||||
@ -19,7 +19,10 @@ export class YoutubeBlock extends BaseView {
|
|||||||
const tag_name = el.tagName;
|
const tag_name = el.tagName;
|
||||||
if (tag_name === 'A' && el.parentElement?.childElementCount === 1) {
|
if (tag_name === 'A' && el.parentElement?.childElementCount === 1) {
|
||||||
const href = el.getAttribute('href');
|
const href = el.getAttribute('href');
|
||||||
if (href.indexOf('.youtube.com') !== -1) {
|
const allowedHosts = ['www.youtu.be', 'www.youtube.com'];
|
||||||
|
const host = new URL(href).host;
|
||||||
|
|
||||||
|
if (allowedHosts.includes(host)) {
|
||||||
return [
|
return [
|
||||||
{
|
{
|
||||||
type: this.type,
|
type: this.type,
|
||||||
|
@ -1,5 +1,7 @@
|
|||||||
export const isYoutubeUrl = (url?: string): boolean => {
|
export const isYoutubeUrl = (url?: string): boolean => {
|
||||||
return url.includes('youtu.be') || url.includes('youtube.com');
|
const allowedHosts = ['www.youtu.be', 'www.youtube.com'];
|
||||||
|
const host = new URL(url).host;
|
||||||
|
return allowedHosts.includes(host);
|
||||||
};
|
};
|
||||||
|
|
||||||
const _regexp = /.*(?:youtu.be\/|v\/|u\/\w\/|embed\/|watch\?v=)([^#&?]*).*/;
|
const _regexp = /.*(?:youtu.be\/|v\/|u\/\w\/|embed\/|watch\?v=)([^#&?]*).*/;
|
||||||
|
Loading…
Reference in New Issue
Block a user