Fix data URL filtering (#1111)

* Fix data URL filtering * upgrade nuxt
modrinth · Apr 22, 2023 · 4be6b11 · 4be6b11
1 parent 5527170
commit 4be6b11
Show file tree

Hide file tree

Showing 3 changed files with 375 additions and 378 deletions.
diff --git a/helpers/parse.js b/helpers/parse.js
@@ -57,7 +57,7 @@ export const configuredXss = new xss.FilterXSS({
     }
   },
   safeAttrValue(tag, name, value, _cssFilter) {
-    if (tag === 'img' && name === 'src') {
+    if (tag === 'img' && name === 'src' && !value.startsWith('data:')) {
       try {
         const url = new URL(value)
 
@@ -72,6 +72,7 @@ export const configuredXss = new xss.FilterXSS({
           'raw.githubusercontent.com',
           'img.shields.io',
           'i.postimg.cc',
+          'wsrv.nl',
         ]
 
         if (!allowedHostnames.includes(url.hostname)) {

diff --git a/package.json b/package.json
@@ -17,7 +17,7 @@
     "eslint": "^8.33.0",
     "eslint-config-prettier": "^8.6.0",
     "eslint-plugin-vue": "^9.9.0",
-    "nuxt": "^3.4.1",
+    "nuxt": "^3.4.2",
     "prettier": "^2.8.3",
     "sass": "^1.58.0",
     "typescript": "^4.9.5",