Skip to content

Commit

Permalink
fix: apply xss and redos vulnerabilities fixes from main repo
Browse files Browse the repository at this point in the history 
- parallax#2806
- parallax#3091
  • Loading branch information
@pmstss
pmstss committed Jul 18, 2022
1 parent 190b710 commit 45ac864
Show file tree
Hide file tree
Showing 8 changed files with 6,213 additions and 6,227 deletions.
6,280 changes: 3,136 additions & 3,144 deletions dist/jspdf.debug.js
View file

Large diffs are not rendered by default.

20 changes: 10 additions & 10 deletions dist/jspdf.min.js
View file

Large diffs are not rendered by default.

6,112 changes: 3,052 additions & 3,060 deletions dist/jspdf.node.debug.js
View file

Large diffs are not rendered by default.

14 changes: 7 additions & 7 deletions dist/jspdf.node.min.js
View file

Large diffs are not rendered by default.

5 changes: 5 additions & 0 deletions package-lock.json
View file

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

1 change: 1 addition & 0 deletions package.json
View file
Expand Up @@ -24,6 +24,7 @@
},
"dependencies": {
"canvg": "2.0.0",
"dompurify": "^2.3.9",
"file-saver": "eligrey/FileSaver.js#1.3.8",
"html2canvas": "1.0.0-alpha.12",
"omggif": "1.0.10",
Expand Down
2 changes: 1 addition & 1 deletion src/modules/addimage.js
View file
Expand Up @@ -491,7 +491,7 @@
var result = null;

if (dataUrlParts.length === 2) {
var extractedInfo = /^data:(\w*\/\w*);*(charset=[\w=-]*)*;*$/.exec(dataUrlParts[0]);
var extractedInfo = /^data:(\w*\/\w*);*(charset=(?!charset=)[\w=-]*)*;*$/.exec(dataUrlParts[0]);
if (Array.isArray(extractedInfo)) {
result = {
mimeType : extractedInfo[1],
Expand Down
6 changes: 1 addition & 5 deletions src/modules/html.js
View file
Expand Up @@ -43,11 +43,7 @@
var el = document.createElement(tagName);
if (opt.className) el.className = opt.className;
if (opt.innerHTML) {
el.innerHTML = opt.innerHTML;
var scripts = el.getElementsByTagName('script');
for (var i = scripts.length; i-- > 0; null) {
scripts[i].parentNode.removeChild(scripts[i]);
}
el.innerHTML = DOMPurify.sanitize(opt.innerHTML);
}
for (var key in opt.style) {
el.style[key] = opt.style[key];
Expand Down

0 comments on commit 45ac864

Please sign in to comment.