From 7460c983be680f26e841ab86494448e3b9cea194 Mon Sep 17 00:00:00 2001
From: Quoc Huy Nguyen Dinh
Date: Sun, 12 May 2024 23:54:01 +1000
Subject: [PATCH 1/3] Fixing yarn audit critical issues in 'dependencies' group
---
 package.json | 5 +++--
 src/shared/HtmlReady.js | 36 ++++++++++++++++++++++--------------
 yarn.lock | 18 +++++++++---------
 3 files changed, 34 insertions(+), 25 deletions(-)
diff --git a/package.json b/package.json
index 27639e09..d4373f24 100644
--- a/package.json
+++ b/package.json
@@ -162,7 +162,7 @@
 "webpack-cli": "^4.9.2",
 "webpack-isomorphic-tools": "^4.0.0",
 "whatwg-fetch": "^3.6.2",
- "xmldom": "~0.5.0"
+ "@xmldom/xmldom": "^0.7.0"
 },
 "devDependencies": {
 "@babel/cli": "^7.0.0",
@@ -276,7 +276,8 @@
 "lodash": "4.17.21",
 "minimist": "1.2.6",
 "request": "2.88.2",
- "node-fetch": "2.6.7"
+ "node-fetch": "2.6.7",
+ "crypto-js": "^4.2.0"
 },
 "volta": {
 "node": "18.14.0",
diff --git a/src/shared/HtmlReady.js b/src/shared/HtmlReady.js
index 5a66e75b..00c822c9 100644
--- a/src/shared/HtmlReady.js
+++ b/src/shared/HtmlReady.js
@@ -1,4 +1,4 @@
-import xmldom from 'xmldom';
+import xmldom from '@xmldom/xmldom';
 import tt from 'counterpart';
 import hljs from 'highlight.js/lib/common';
 import linksRe, { any as linksAny } from 'app/utils/Links';
@@ -97,7 +97,10 @@ export default function (html, { mutate = true, hideImages = false, lightbox = f
 const pre = doc.createElement('pre');
 pre.setAttribute('class', 'image-url-only');
 pre.appendChild(doc.createTextNode(image.getAttribute('src')));
- image.parentNode.replaceChild(pre, image);
+
+ const imageParent = image.parentNode;
+ imageParent.appendChild(pre);
+ imageParent.removeChild(image);
 }
 } else {
 proxifyImages(doc, state);
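Review bot: The new `"crypto-js": "^4.2.0"` entry in the package.json hunk at line 276 is a caret range, while its neighbours in the same block (`lodash`, `minimist`, `request`, `node-fetch`) are exact pins, so this override can float to a later 4.x release on the next lockfile refresh; `"crypto-js": "4.2.0"` would match the existing convention. The yarn.lock change in this patch shows a dependent that requested `^4.1.1` now resolving to 4.2.0, and that release changed the PBKDF2 defaults (hash and iteration count), so it is worth confirming that no consumer relies on key derivation with the old defaults. The block's header is outside the hunk; it is presumably `resolutions`.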
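Review bot: In the HtmlReady.js hunk at line 97, `imageParent.appendChild(pre)` followed by `imageParent.removeChild(image)` is not equivalent to the `replaceChild` it replaces: the `pre` element lands at the end of the parent instead of at the image's position, so sibling content that followed the image now renders before the URL. The same substitution is made in the later hunks for `traverseForCodeHighlight`, `link` (where the phishing-warning div moves away from the text it belongs to), `proxifyImages` and `linkifyNode`. If `replaceChild` had to go because of the move to `@xmldom/xmldom` (the commit message does not say), `imageParent.insertBefore(pre, image); imageParent.removeChild(image);` keeps the original position; the `parseFromString` call sites would need the same treatment plus a check that the parsed node is accepted there. PATCH 2/3 deletes tests that assert text order around an embed, which may be a symptom of this reordering rather than an unrelated cleanup. The enclosing function starts and ends outside the hunk.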
@@ -139,7 +142,9 @@ function traverseForCodeHighlight(node, depth = 0) { if (tag === 'code' && child.textContent.match(/\n/)) { const highlightedContent = hljs.highlightAuto(child.textContent).value; - child.parentNode.replaceChild(DOMParser.parseFromString(`${highlightedContent}`), child); + const parentNode = child.parentNode; + parentNode.appendChild(DOMParser.parseFromString(`${highlightedContent}`)); + parentNode.removeChild(child); } traverseForCodeHighlight(child, depth + 1); @@ -181,7 +186,9 @@ function link(state, child) { phishyDiv.textContent = `${child.textContent} / ${url}`; phishyDiv.setAttribute('title', getPhishingWarningMessage()); phishyDiv.setAttribute('class', 'phishy'); - child.parentNode.replaceChild(phishyDiv, child); + const parentNode = child.parentNode; + parentNode.appendChild(phishyDiv); + parentNode.removeChild(child); } } } @@ -261,15 +268,14 @@ function proxifyImages(doc, state) { const proxifiedImageUrl = proxifyImageUrl(url, true); if (state.lightbox && process.env.BROWSER) { - node.parentNode.replaceChild( - DOMParser.parseFromString(` - ${alt} - `), - node - ); + const parentNode = node.parentNode; + parentNode.appendChild(DOMParser.parseFromString(` + ${alt} + `)); + parentNode.removeChild(node); } else { node.setAttribute('src', proxifiedImageUrl); } @@ -292,7 +298,9 @@ function linkifyNode(child, state) { const content = linkify(data, state.mutate, state.hashtags, state.usertags, state.images, state.links); if (mutate && content !== data) { const newChild = DOMParser.parseFromString(`${content}`); - child.parentNode.replaceChild(newChild, child); + const parentNode = child.parentNode; + parentNode.appendChild(newChild); + parentNode.removeChild(child); // eslint-disable-next-line consistent-return return newChild; } diff --git a/yarn.lock b/yarn.lock index 93d82423..6d1b7c03 100644 --- a/yarn.lock +++ b/yarn.lock 
@@ -3720,6 +3720,11 @@ object.fromentries "^2.0.0" prop-types "^15.7.0" +"@xmldom/xmldom@^0.7.0": + version "0.7.13" + resolved "https://registry.yarnpkg.com/@xmldom/xmldom/-/xmldom-0.7.13.tgz#ff34942667a4e19a9f4a0996a76814daac364cf3" + integrity sha512-lm2GW5PkosIzccsaZIz7tp8cPADSIlIHWDFTR1N0SzfinhhYgeIQjFMz4rYzanCScr3DqQLeomUDArp6MWKm+g== + "@xobotyi/scrollbar-width@^1.9.5": version "1.9.5" resolved "https://registry.yarnpkg.com/@xobotyi/scrollbar-width/-/scrollbar-width-1.9.5.tgz#80224a6919272f405b87913ca13b92929bdf3c4d" @@ -6047,10 +6052,10 @@ crypto-browserify@^3.11.0, crypto-browserify@^3.12.0: randombytes "^2.0.0" randomfill "^1.0.3" -crypto-js@^4.1.1: - version "4.1.1" - resolved "https://registry.yarnpkg.com/crypto-js/-/crypto-js-4.1.1.tgz#9e485bcf03521041bd85844786b83fb7619736cf" - integrity sha512-o2JlM7ydqd3Qk9CA0L4NL6mTzU2sdx96a+oOfPu8Mkl/PK51vSyoi8/rQ8NknZtk44vq15lmhAj9CIAGwgeWKw== +crypto-js@^4.1.1, crypto-js@^4.2.0: + version "4.2.0" + resolved "https://registry.yarnpkg.com/crypto-js/-/crypto-js-4.2.0.tgz#4d931639ecdfd12ff80e8186dba6af2c2e856631" + integrity sha512-KALDyEYgpY+Rlob/iriUtjV6d5Eq+Y191A5g4UqLAi8CyGP9N1+FdVbkc1SxKc2r4YAYqG8JzO2KGL+AizD70Q== csrf@^3.1.0: version "3.1.0" @@ -16641,11 +16646,6 @@ xmlchars@^2.2.0: resolved "https://registry.yarnpkg.com/xmlchars/-/xmlchars-2.2.0.tgz#060fe1bcb7f9c76fe2a17db86a9bc3ab894210cb" integrity sha512-JZnDKK8B0RCDw84FNdDAIpZK+JuJw+s7Lz8nksI7SIuU3UXJJslUthsi+uWBUYOwPFwW7W7PRLRfUKpxjtjFCw== -xmldom@~0.5.0: - version "0.5.0" - resolved "https://registry.yarnpkg.com/xmldom/-/xmldom-0.5.0.tgz#193cb96b84aa3486127ea6272c4596354cb4962e" - integrity sha512-Foaj5FXVzgn7xFzsKeNIde9g6aFBxTPi37iwsno8QvApmtg7KYrr+OPyRHcJF7dud2a5nGRBXK3n0dL62Gf7PA== - xregexp@^4.3.0: version "4.4.1" resolved "https://registry.yarnpkg.com/xregexp/-/xregexp-4.4.1.tgz#c84a88fa79e9ab18ca543959712094492185fe65" From c7d9cd256c566df8c37f5662cbf7b5b8455f0e5c Mon Sep 17 00:00:00 2001 
From: Quoc Huy Nguyen Dinh Date: Mon, 13 May 2024 00:36:17 +1000 Subject: [PATCH 2/3] remove dtube tests --- src/shared/HtmlReady.test.js | 14 -------------- 1 file changed, 14 deletions(-) diff --git a/src/shared/HtmlReady.test.js b/src/shared/HtmlReady.test.js index d22c1ebb..31176b25 100644 --- a/src/shared/HtmlReady.test.js +++ b/src/shared/HtmlReady.test.js @@ -202,18 +202,4 @@ describe('htmlready', () => { const res = HtmlReady(testString).html; expect(res).toEqual(htmlified); }); - - it('should not omit text on same line as dtube link', () => { - const testString = '

before text https://d.tube/#!/v/tibfox/mvh7g26e after text

'; - const htmlified = '

before text ~~~ embed:tibfox/mvh7g26e dtube ~~~ after text

'; - const res = HtmlReady(testString).html; - expect(res).toEqual(htmlified); - }); - - it('should handle dtube embed', () => { - const testString = ''; - const htmlified = '
'; - const res = HtmlReady(testString).html; - expect(res).toEqual(htmlified); - }); }); From 109bc48cc3f42b039c67339fd390e577bad31796 Mon Sep 17 00:00:00 2001 From: Quoc Huy Nguyen Dinh Date: Mon, 13 May 2024 00:37:29 +1000 Subject: [PATCH 3/3] Update browsers list --- package.json | 4 ++-- yarn.lock | 6 +++--- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/package.json b/package.json index d4373f24..3c1acf97 100644 --- a/package.json +++ b/package.json @@ -41,6 +41,7 @@ "@testing-library/jest-dom": "^5.16.4", "@testing-library/react": "^13.2.0", "@testing-library/user-event": "^14.1.1", + "@xmldom/xmldom": "^0.7.0", "assert": "1.4.1", "autoprefixer": "^9.6.1", "axios": "^0.27.2", @@ -161,8 +162,7 @@ "vm-browserify": "^1.1.2", "webpack-cli": "^4.9.2", "webpack-isomorphic-tools": "^4.0.0", - "whatwg-fetch": "^3.6.2", - "@xmldom/xmldom": "^0.7.0" + "whatwg-fetch": "^3.6.2" }, "devDependencies": { "@babel/cli": "^7.0.0", diff --git a/yarn.lock b/yarn.lock index 6d1b7c03..ec71fd64 100644 --- a/yarn.lock +++ b/yarn.lock @@ -5260,9 +5260,9 @@ camelcase@^6.2.0: integrity sha512-Gmy6FhYlCY7uOElZUSbxo2UCDH8owEk996gkbrpsgGtrJLM3J7jGxl9Ic7Qwwj4ivOE5AWZWRMecDdF7hqGjFA== caniuse-lite@^1.0.30001109, caniuse-lite@^1.0.30001449: - version "1.0.30001450" - resolved "https://registry.yarnpkg.com/caniuse-lite/-/caniuse-lite-1.0.30001450.tgz#022225b91200589196b814b51b1bbe45144cf74f" - integrity sha512-qMBmvmQmFXaSxexkjjfMvD5rnDL0+m+dUMZKoDYsGG8iZN29RuYh9eRoMvKsT6uMAWlyUUGDEQGJJYjzCIO9ew== + version "1.0.30001617" + resolved "https://registry.npmjs.org/caniuse-lite/-/caniuse-lite-1.0.30001617.tgz" + integrity sha512-mLyjzNI9I+Pix8zwcrpxEbGlfqOkF9kM3ptzmKNw5tizSyYwMe+nGLTqMK9cO+0E+Bh6TsBxNAaHWEM8xwSsmA== capture-exit@^2.0.0: version "2.0.0"