github
/
ha-frontend
mirror of https://github.com/home-assistant/frontend
1
Fork 0
Code Releases Activity

Bump xss from 1.0.9 to 1.0.14 (#15115) 

* Bump xss from 1.0.9 to 1.0.14

Bumps [xss](https://github.com/leizongmin/js-xss) from 1.0.9 to 1.0.14.
- [Release notes](https://github.com/leizongmin/js-xss/releases)
- [Changelog](https://github.com/leizongmin/js-xss/blob/master/CHANGELOG.md)
- [Commits](https://github.com/leizongmin/js-xss/compare/v1.0.9...v1.0.14)

---
updated-dependencies:
- dependency-name: xss
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

* Use whitelist type from package

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Steve Repsher <steverep@users.noreply.github.com>
This commit is contained in:
dependabot[bot] 2023-01-16 07:24:21 +00:00 committed by GitHub
parent 21f3eb9103
commit e206e86fb3
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 11 additions and 15 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
package.json
View File

@ -143,7 +143,7 @@
"workbox-precaching": "^6.5.4",
"workbox-routing": "^6.5.4",
"workbox-strategies": "^6.5.4",
"xss": "^1.0.9"
"xss": "^1.0.14"
},
"devDependencies": {
"@babel/core": "^7.20.2",

14
src/resources/markdown_worker.ts
View File

@ -2,14 +2,10 @@
import { expose } from "comlink";
import { marked } from "marked";
import "proxy-polyfill";
import { filterXSS, getDefaultWhiteList } from "xss";
import { filterXSS, getDefaultWhiteList, IWhiteList } from "xss";
interface WhiteList {
[tag: string]: string[];
}
let whiteListNormal: WhiteList | undefined;
let whiteListSvg: WhiteList | undefined;
let whiteListNormal: IWhiteList | undefined;
let whiteListSvg: IWhiteList | undefined;
// Override the default `onTagAttr` behavior to only render
// our markdown checkboxes.
@ -43,7 +39,7 @@ const renderMarkdown = (
): string => {
if (!whiteListNormal) {
whiteListNormal = {
...(getDefaultWhiteList() as WhiteList),
...getDefaultWhiteList(),
input: ["type", "disabled", "checked"],
"ha-icon": ["icon"],
"ha-svg-icon": ["path"],
@ -51,7 +47,7 @@ const renderMarkdown = (
};
}
let whiteList: WhiteList | undefined;
let whiteList: IWhiteList | undefined;
if (hassOptions.allowSvg) {
if (!whiteListSvg) {

10
yarn.lock
View File

@ -9475,7 +9475,7 @@ fsevents@^1.2.7:
workbox-precaching: ^6.5.4
workbox-routing: ^6.5.4
workbox-strategies: ^6.5.4
xss: ^1.0.9
xss: ^1.0.14
languageName: unknown
linkType: soft
@ -16608,15 +16608,15 @@ typescript@^3.8.3:
languageName: node
linkType: hard
"xss@npm:^1.0.9":
version: 1.0.9
resolution: "xss@npm:1.0.9"
"xss@npm:^1.0.14":
version: 1.0.14
resolution: "xss@npm:1.0.14"
dependencies:
commander: ^2.20.3
cssfilter: 0.0.10
bin:
xss: bin/xss
checksum: fdb5e60e51be4edd3a694f92a910f3cd55e3d4746fcf53133863e4d40572c9b4ab1ce8e0011645c776c61f86c5a2ff9fc3e02554766e987bc0bf27d16cd3b407
checksum: 77c6a60a5f96490098ef837c3b49321c0f31963f323c748cb0a01bc02fc6e465a6accbe4c54cad62f8d6ffe647d984be173879433af861883f6213d9416d3f53
languageName: node
linkType: hard