baileytownsend.dev
/
pds-dash-fork
A fork of pds-dash for selfhosted.social
Resolves an xss vulnerability
baileytownsend.dev
2 months ago
03b2db01
7228a73b
+12
-2
3 changed files
package.json
pnpm-lock.yaml
src
lib
components
landing
PostComponent.svelte
+1
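--- a/package.json
+++ b/package.json
@@ -14,6 +14,7 @@
 "@atcute/client": "^3.0.1",
 "@atcute/identity-resolver": "^0.1.2",
 "@atproto/api": "^0.16.9",
+"@braintree/sanitize-url": "^7.1.1",
 "@eslint/compat": "^2.0.0",
 "@eslint/js": "^9.39.1",
 "@sinclair/typebox": "^0.34.41",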
+8
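--- a/pnpm-lock.yaml
+++ b/pnpm-lock.yaml
@@ -20,6 +20,9 @@
 '@atproto/api':
 specifier: ^0.16.9
 version: 0.16.11
+'@braintree/sanitize-url':
+specifier: ^7.1.1
+version: 7.1.1
 '@eslint/compat':
 specifier: ^2.0.0
 version: 2.0.0(eslint@9.39.1)
@@ -130,6 +133,9 @@
 '@badrap/valita@0.4.6':
 resolution: {integrity: sha512-4kdqcjyxo/8RQ8ayjms47HCWZIF5981oE5nIenbfThKDxWXtEHKipAOWlflpPJzZx9y/JWYQkp18Awr7VuepFg==}
 engines: {node: '>= 18'}
+
+'@braintree/sanitize-url@7.1.1':
+resolution: {integrity: sha512-i1L7noDNxtFyL5DmZafWy1wRVhGehQmzZaz1HiN5e7iylJMSZR7ekOV7NsIqa5qBldlLrsKv4HbgFUVlQrz8Mw==}
 
 '@esbuild/aix-ppc64@0.25.12':
 resolution: {integrity: sha512-Hhmwd6CInZ3dwpuGTF8fJG6yoWmsToE+vYgD4nytZVxcu1ulHpUQRAB1UJ8+N1Am3Mz4+xOByoQoSZf4D+CpkA==}
@@ -1391,6 +1397,8 @@
 zod: 3.25.76
 
 '@badrap/valita@0.4.6': {}
+
+'@braintree/sanitize-url@7.1.1': {}
 
 '@esbuild/aix-ppc64@0.25.12':
 optional: true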
+3
-2
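--- a/src/lib/components/landing/PostComponent.svelte
+++ b/src/lib/components/landing/PostComponent.svelte
@@ -5,6 +5,7 @@
 import moment from 'moment';
 import { blueskyHandleFromDid } from '../../pdsfetch';
 import Hls from 'hls.js';
+import {sanitizeUrl} from '@braintree/sanitize-url';
 let { post }: { post: Post } = $props();
 
 // State for image carousel
@@ -137,13 +138,13 @@
 >
 {/if}
 <div id="postText">
-{#each post.richText.segments() as segment}
+{#each post.richText.segments() as segment, index (index)}
 {#if segment.mention}
 <a href="{Config.FRONTEND_URL}/profile/{segment.mention.did}"
 >{segment.text}</a
 >
 {:else if segment.link}
-<a style="text-decoration: underline" href="{segment.link.uri}">{segment.text}</a>
+<a style="text-decoration: underline" href="{sanitizeUrl(segment.link.uri)}">{segment.text}</a>
 {:else if segment.text}
 {segment.text}
 {/if}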
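Review bot: The new `href="{sanitizeUrl(segment.link.uri)}"` in the `{:else if segment.link}` branch is still a scheme denylist rather than an allowlist: as far as I know `sanitizeUrl` rewrites `javascript:`, `data:` and `vbscript:` URLs to `about:blank` and passes every other scheme and any relative URL through unchanged. Facet URIs are written by whoever authored the post, so for links rendered on the landing page I would accept only absolute `http:`/`https:` URLs, parsed with `new URL()`, and fall back to `about:blank` otherwise, as sketched below. A regression test that renders a segment whose link is a script-scheme URI and asserts the resulting `href` would keep this fix from silently regressing. The `<script>` block and the `{#each}` block both extend beyond the hunk, so other `href`/`src` attributes built from post data are not visible here and may need the same treatment.

```svelte
import {sanitizeUrl} from '@braintree/sanitize-url';
// Facet URIs are author-controlled: render only absolute http(s) links.
function safeHref(uri: string): string {
	const cleaned = sanitizeUrl(uri);
	try {
		const { protocol } = new URL(cleaned);
		return protocol === 'http:' || protocol === 'https:' ? cleaned : 'about:blank';
	} catch {
		// Relative or unparsable input: do not render it as a live link.
		return 'about:blank';
	}
}
// … unchanged: props and carousel state …
<!-- … unchanged: mention branch … -->
{:else if segment.link}
	<a style="text-decoration: underline" href="{safeHref(segment.link.uri)}">{segment.text}</a>
```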