673f7a82d1
* New features * Lots of bug fixes * Fix respack creation * Improve mobile nav with more project types * Fix resolution sorting and remove icons * Move cookie consent to top on small devices to get out of the way of navigation * Move cookie consent + fix hydration * Fix project editing + update search features * Centralize hardcoding of loader/category names, fix cookie consent shadow, fix mobile navbar rounding * Fix plugin platforms formatting * Kitchen sink! * Add support for display names * LiteLoader formatting * Fixed "show all loaders" toggle not resetting when changing pages * Allow multiple loaders in version filter controls * Fix clear filters button * Revert "Add support for display names" This reverts commit 370838763d86bcae51bf06c304248f7a1f8fc28f. * Let's see how this goes. Upstream filters, attempt 1 * github? hello? * No more "Server mod" on plugins * Fix formatting of project types in project creation * Move where project creation sets the resource pack loader * Allow setting pixelated image-rendering Allows to apply 'style' attribute to IMG tags with value 'image-rendering' set to 'pixelated', which can be useful for people who use pixel art in their READMEs (to demonstrate items, for example). * fix user page + hydration issue fix from Brawaru * Rename to proxies * Make categories use title case * Always show project type on moderation page, improve project type display on project pages * Remove invalid key * Missed a check * Fix browse menu animation * Fix disabled button condition and minimum width for 2 lines * Body -> Description in edit pages * More casing consistency issues * Fix duplicate version URLs * Fix version creation * Edit URLs, fix privacy page buttons * Fix notifications popup overlaying * Final merge fixes Co-authored-by: Prospector <prospectordev@gmail.com> Co-authored-by: Sasha Sorokin <10401817+Brawaru@users.noreply.github.com>
53 lines
1.3 KiB
JavaScript
53 lines
1.3 KiB
JavaScript
import xss from 'xss'
|
|
|
|
/**
|
|
* @type {import('xss').IFilterXSSOptions}
|
|
*/
|
|
const options = {
|
|
whiteList: {
|
|
...xss.whiteList,
|
|
summary: [],
|
|
h1: ['id'],
|
|
h2: ['id'],
|
|
h3: ['id'],
|
|
h4: ['id'],
|
|
h5: ['id'],
|
|
h6: ['id'],
|
|
input: ['checked', 'disabled', 'type'],
|
|
iframe: ['width', 'height', 'allowfullscreen', 'frameborder'],
|
|
img: [...xss.whiteList.img, 'style'],
|
|
},
|
|
css: {
|
|
whiteList: {
|
|
'image-rendering': /^pixelated$/,
|
|
},
|
|
},
|
|
onIgnoreTagAttr: (tag, name, value) => {
|
|
// Allow iframes from acceptable sources
|
|
if (tag === 'iframe' && name === 'src') {
|
|
const allowedSources = [
|
|
{
|
|
regex:
|
|
/^https?:\/\/(www\.)?youtube(-nocookie)?\.com\/embed\/[a-zA-Z0-9_-]{11}(\?&autoplay=[0-1]{1})?$/,
|
|
remove: ['&autoplay=1'], // Prevents autoplay
|
|
},
|
|
]
|
|
|
|
for (const source of allowedSources) {
|
|
if (source.regex.test(value)) {
|
|
for (const remove of source.remove) {
|
|
value = value.replace(remove, '')
|
|
}
|
|
return name + '="' + xss.escapeAttrValue(value) + '"'
|
|
}
|
|
}
|
|
}
|
|
},
|
|
}
|
|
|
|
const configuredXss = new xss.FilterXSS(options)
|
|
|
|
export default (ctx, inject) => {
|
|
inject('xss', (string) => configuredXss.process(string))
|
|
}
|