assets/src/bundles/webapp/xss-filtering.js
Show All 25 Lines | if (node.nodeName === 'IMG' && data.attrName === 'src') { | ||||
// the swh object is provided without any useful context | // the swh object is provided without any useful context | ||||
// to get the image checksums from the web api | // to get the image checksums from the web api | ||||
if (!swhObjectMetadata.hasOwnProperty('directory')) { | if (!swhObjectMetadata.hasOwnProperty('directory')) { | ||||
return; | return; | ||||
} | } | ||||
// used internal endpoint as image url to possibly get the image data | // used internal endpoint as image url to possibly get the image data | ||||
// from the archive content | // from the archive content | ||||
let url = Urls.browse_directory_resolve_content_path(swhObjectMetadata.directory); | let directoryUrl = Urls.browse_directory_resolve_content_path(swhObjectMetadata.directory); | ||||
url += `?path=${data.attrValue}`; | let path = data.attrValue; | ||||
data.attrValue = url; | // strip any query parameters appended to path | ||||
const url = new URL(window.location.origin + path); | |||||
if (url.search) { | |||||
path = path.replace(url.search, ''); | |||||
} | |||||
directoryUrl += `?path=${path}`; | |||||
data.attrValue = directoryUrl; | |||||
} | } | ||||
}); | }); | ||||
export function filterXSS(html) { | export function filterXSS(html) { | ||||
return DOMPurify.sanitize(html); | return DOMPurify.sanitize(html); | ||||
} | } |
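Review bot: The value appended after `?path=` on the new side is still the raw `src` attribute, so a `&`, `#` or `%` in an image path taken from rendered repository content changes how the internal endpoint's query string is parsed even after the `?…` part is stripped; passing it as `encodeURIComponent(path)` keeps it a single parameter value (assuming the endpoint decodes query parameters in the usual way). The stripping compares the raw attribute with `url.search`, which the URL parser may have percent-encoded, so `path.replace(url.search, '')` can silently leave the query in place. `new URL(window.location.origin + path)` also relies on `path` starting with `/`: for a relative `src` on an origin with an explicit port the concatenation is not a valid URL and the constructor throws inside the sanitizer hook, which `new URL(path, window.location.origin)` avoids. The hook callback starts above the visible lines, so how an exception there is handled cannot be seen from this section.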