Changeset View
Changeset View
Standalone View
Standalone View
assets/src/bundles/webapp/xss-filtering.js
| Show All 25 Lines | if (node.nodeName === 'IMG' && data.attrName === 'src') { | ||||
| // the swh object is provided without any useful context | // the swh object is provided without any useful context | ||||
| // to get the image checksums from the web api | // to get the image checksums from the web api | ||||
| if (!swhObjectMetadata.hasOwnProperty('directory')) { | if (!swhObjectMetadata.hasOwnProperty('directory')) { | ||||
| return; | return; | ||||
| } | } | ||||
| // used internal endpoint as image url to possibly get the image data | // used internal endpoint as image url to possibly get the image data | ||||
| // from the archive content | // from the archive content | ||||
| let url = Urls.browse_directory_resolve_content_path(swhObjectMetadata.directory); | let directoryUrl = Urls.browse_directory_resolve_content_path(swhObjectMetadata.directory); | ||||
| url += `?path=${data.attrValue}`; | let path = data.attrValue; | ||||
| data.attrValue = url; | // strip any query parameters appended to path | ||||
| const url = new URL(window.location.origin + path); | |||||
| if (url.search) { | |||||
| path = path.replace(url.search, ''); | |||||
| } | |||||
| directoryUrl += `?path=${path}`; | |||||
| data.attrValue = directoryUrl; | |||||
| } | } | ||||
| }); | }); | ||||
| export function filterXSS(html) { | export function filterXSS(html) { | ||||
| return DOMPurify.sanitize(html); | return DOMPurify.sanitize(html); | ||||
| } | } | ||||