97386d20b5
* fix release script * fix svgcanvas edge cases * Update path-actions.js * add modern js * update deps * Update CHANGES.md
318 lines
17 KiB
JavaScript
318 lines
17 KiB
JavaScript
/**
|
|
* Tools for SVG sanitization.
|
|
* @module sanitize
|
|
* @license MIT
|
|
*
|
|
* @copyright 2010 Alexis Deveria, 2010 Jeff Schiller
|
|
*/
|
|
|
|
import { getReverseNS, NS } from './namespaces.js'
|
|
import { getHref, getRefElem, setHref, getUrlFromAttr } from './utilities.js'
|
|
import { warn } from '../common/logger.js'
|
|
|
|
const REVERSE_NS = getReverseNS()
|
|
|
|
// Todo: Split out into core attributes, presentation attributes, etc. so consistent
|
|
/**
|
|
* This defines which elements and attributes that we support (or at least
|
|
* don't remove).
|
|
* @type {PlainObject}
|
|
*/
|
|
/* eslint-disable max-len */
|
|
const svgGenericWhiteList = ['class', 'id', 'display', 'transform', 'style']
|
|
const svgWhiteList_ = {
|
|
// SVG Elements
|
|
a: ['clip-path', 'clip-rule', 'fill', 'fill-opacity', 'fill-rule', 'filter', 'href', 'mask', 'opacity', 'stroke', 'stroke-dasharray', 'stroke-dashoffset', 'stroke-linecap', 'stroke-linejoin', 'stroke-miterlimit', 'stroke-opacity', 'stroke-width', 'systemLanguage', 'xlink:href', 'xlink:title'],
|
|
circle: ['clip-path', 'clip-rule', 'cx', 'cy', 'enable-background', 'fill', 'fill-opacity', 'fill-rule', 'filter', 'mask', 'opacity', 'r', 'requiredFeatures', 'stroke', 'stroke-dasharray', 'stroke-dashoffset', 'stroke-linecap', 'stroke-linejoin', 'stroke-miterlimit', 'stroke-opacity', 'stroke-width', 'systemLanguage'],
|
|
clipPath: ['clipPathUnits'],
|
|
defs: [],
|
|
desc: [],
|
|
ellipse: ['clip-path', 'clip-rule', 'cx', 'cy', 'fill', 'fill-opacity', 'fill-rule', 'filter', 'mask', 'opacity', 'requiredFeatures', 'rx', 'ry', 'stroke', 'stroke-dasharray', 'stroke-dashoffset', 'stroke-linecap', 'stroke-linejoin', 'stroke-miterlimit', 'stroke-opacity', 'stroke-width', 'systemLanguage'],
|
|
feBlend: ['in', 'in2'],
|
|
feColorMatrix: ['in', 'type', 'value', 'result', 'values'],
|
|
feComposite: ['in', 'operator', 'result', 'in2'],
|
|
feFlood: ['flood-color', 'in', 'result', 'flood-opacity'],
|
|
feGaussianBlur: ['color-interpolation-filters', 'in', 'requiredFeatures', 'stdDeviation', 'result'],
|
|
feMerge: [],
|
|
feMergeNode: ['in'],
|
|
feMorphology: ['in', 'operator', 'radius'],
|
|
feOffset: ['dx', 'in', 'dy', 'result'],
|
|
filter: ['color-interpolation-filters', 'filterRes', 'filterUnits', 'height', 'href', 'primitiveUnits', 'requiredFeatures', 'width', 'x', 'xlink:href', 'y'],
|
|
foreignObject: ['font-size', 'height', 'opacity', 'requiredFeatures', 'width', 'x', 'y'],
|
|
g: ['clip-path', 'clip-rule', 'fill', 'fill-opacity', 'fill-rule', 'filter', 'mask', 'opacity', 'requiredFeatures', 'stroke', 'stroke-dasharray', 'stroke-dashoffset', 'stroke-linecap', 'stroke-linejoin', 'stroke-miterlimit', 'stroke-opacity', 'stroke-width', 'systemLanguage', 'font-family', 'font-size', 'font-style', 'font-weight', 'text-anchor'],
|
|
image: [
|
|
'clip-path', 'clip-rule', 'filter', 'height', 'mask', 'opacity',
|
|
'preserveAspectRatio', 'requiredFeatures', 'systemLanguage', 'viewBox',
|
|
'width', 'x', 'href', 'xlink:href', 'xlink:title', 'y'
|
|
],
|
|
line: ['clip-path', 'clip-rule', 'fill', 'fill-opacity', 'fill-rule', 'filter', 'marker-end', 'marker-mid', 'marker-start', 'mask', 'opacity', 'requiredFeatures', 'stroke', 'stroke-dasharray', 'stroke-dashoffset', 'stroke-linecap', 'stroke-linejoin', 'stroke-miterlimit', 'stroke-opacity', 'stroke-width', 'systemLanguage', 'x1', 'x2', 'y1', 'y2'],
|
|
linearGradient: ['gradientTransform', 'gradientUnits', 'requiredFeatures', 'spreadMethod', 'systemLanguage', 'x1', 'x2', 'href', 'xlink:href', 'y1', 'y2'],
|
|
marker: ['markerHeight', 'markerUnits', 'markerWidth', 'orient', 'preserveAspectRatio', 'refX', 'refY', 'se_type', 'systemLanguage', 'viewBox'],
|
|
mask: ['height', 'maskContentUnits', 'maskUnits', 'width', 'x', 'y'],
|
|
metadata: [],
|
|
path: ['clip-path', 'clip-rule', 'd', 'enable-background', 'fill', 'fill-opacity', 'fill-rule', 'filter', 'marker-end', 'marker-mid', 'marker-start', 'mask', 'opacity', 'requiredFeatures', 'stroke', 'stroke-dasharray', 'stroke-dashoffset', 'stroke-linecap', 'stroke-linejoin', 'stroke-miterlimit', 'stroke-opacity', 'stroke-width', 'systemLanguage'],
|
|
pattern: ['height', 'patternContentUnits', 'patternTransform', 'patternUnits', 'requiredFeatures', 'systemLanguage', 'viewBox', 'width', 'x', 'href', 'xlink:href', 'y'],
|
|
polygon: ['clip-path', 'clip-rule', 'fill', 'fill-opacity', 'fill-rule', 'filter', 'marker-end', 'marker-mid', 'marker-start', 'mask', 'opacity', 'points', 'requiredFeatures', 'stroke', 'stroke-dasharray', 'stroke-dashoffset', 'stroke-linecap', 'stroke-linejoin', 'stroke-miterlimit', 'stroke-opacity', 'stroke-width', 'systemLanguage', 'sides', 'shape', 'edge', 'point', 'starRadiusMultiplier', 'r', 'radialshift', 'r2', 'orient', 'cx', 'cy'],
|
|
polyline: ['clip-path', 'clip-rule', 'fill', 'fill-opacity', 'fill-rule', 'filter', 'marker-end', 'marker-mid', 'marker-start', 'mask', 'opacity', 'points', 'requiredFeatures', 'stroke', 'stroke-dasharray', 'stroke-dashoffset', 'stroke-linecap', 'stroke-linejoin', 'stroke-miterlimit', 'stroke-opacity', 'stroke-width', 'systemLanguage', 'se:connector'],
|
|
radialGradient: ['cx', 'cy', 'fx', 'fy', 'gradientTransform', 'gradientUnits', 'r', 'requiredFeatures', 'spreadMethod', 'systemLanguage', 'href', 'xlink:href'],
|
|
rect: ['clip-path', 'clip-rule', 'fill', 'fill-opacity', 'fill-rule', 'filter', 'height', 'mask', 'opacity', 'requiredFeatures', 'rx', 'ry', 'stroke', 'stroke-dasharray', 'stroke-dashoffset', 'stroke-linecap', 'stroke-linejoin', 'stroke-miterlimit', 'stroke-opacity', 'stroke-width', 'systemLanguage', 'width', 'x', 'y'],
|
|
stop: ['offset', 'requiredFeatures', 'stop-opacity', 'systemLanguage', 'stop-color', 'gradientUnits', 'gradientTransform'],
|
|
style: ['type'],
|
|
svg: ['clip-path', 'clip-rule', 'enable-background', 'filter', 'height', 'mask', 'preserveAspectRatio', 'requiredFeatures', 'systemLanguage', 'version', 'viewBox', 'width', 'x', 'xmlns', 'xmlns:se', 'xmlns:xlink', 'xmlns:oi', 'oi:animations', 'y', 'stroke-linejoin', 'fill-rule', 'aria-label', 'stroke-width', 'fill-rule', 'xml:space'],
|
|
switch: ['requiredFeatures', 'systemLanguage'],
|
|
symbol: ['fill', 'fill-opacity', 'fill-rule', 'filter', 'font-family', 'font-size', 'font-style', 'font-weight', 'opacity', 'overflow', 'preserveAspectRatio', 'requiredFeatures', 'stroke', 'stroke-dasharray', 'stroke-dashoffset', 'stroke-linecap', 'stroke-linejoin', 'stroke-miterlimit', 'stroke-opacity', 'stroke-width', 'systemLanguage', 'viewBox', 'width', 'height'],
|
|
text: ['clip-path', 'clip-rule', 'dominant-baseline', 'fill', 'fill-opacity', 'fill-rule', 'filter', 'font-family', 'font-size', 'font-style', 'font-weight', 'mask', 'opacity', 'requiredFeatures', 'stroke', 'stroke-dasharray', 'stroke-dashoffset', 'stroke-linecap', 'stroke-linejoin', 'stroke-miterlimit', 'stroke-opacity', 'stroke-width', 'systemLanguage', 'text-anchor', 'letter-spacing', 'word-spacing', 'text-decoration', 'textLength', 'lengthAdjust', 'x', 'xml:space', 'y'],
|
|
textPath: ['dominant-baseline', 'href', 'method', 'requiredFeatures', 'spacing', 'startOffset', 'systemLanguage', 'xlink:href'],
|
|
title: [],
|
|
tspan: ['clip-path', 'clip-rule', 'dx', 'dy', 'dominant-baseline', 'fill', 'fill-opacity', 'fill-rule', 'filter', 'font-family', 'font-size', 'font-style', 'font-weight', 'mask', 'opacity', 'requiredFeatures', 'rotate', 'stroke', 'stroke-dasharray', 'stroke-dashoffset', 'stroke-linecap', 'stroke-linejoin', 'stroke-miterlimit', 'stroke-opacity', 'stroke-width', 'systemLanguage', 'text-anchor', 'textLength', 'x', 'xml:space', 'y'],
|
|
use: ['clip-path', 'clip-rule', 'fill', 'fill-opacity', 'fill-rule', 'filter', 'height', 'href', 'mask', 'stroke', 'stroke-dasharray', 'stroke-dashoffset', 'stroke-linecap', 'stroke-linejoin', 'stroke-miterlimit', 'stroke-opacity', 'stroke-width', 'width', 'x', 'xlink:href', 'y', 'overflow'],
|
|
// Filter Primitives
|
|
feComponentTransfer: ['in', 'result'],
|
|
feFuncR: ['type', 'tableValues', 'slope', 'intercept', 'amplitude', 'exponent', 'offset'],
|
|
feFuncG: ['type', 'tableValues', 'slope', 'intercept', 'amplitude', 'exponent', 'offset'],
|
|
feFuncB: ['type', 'tableValues', 'slope', 'intercept', 'amplitude', 'exponent', 'offset'],
|
|
feFuncA: ['type', 'tableValues', 'slope', 'intercept', 'amplitude', 'exponent', 'offset'],
|
|
feConvolveMatrix: ['in', 'order', 'kernelMatrix', 'divisor', 'bias', 'targetX', 'targetY', 'edgeMode', 'kernelUnitLength', 'preserveAlpha'],
|
|
feDiffuseLighting: ['in', 'surfaceScale', 'diffuseConstant', 'kernelUnitLength', 'lighting-color'],
|
|
feSpecularLighting: ['in', 'surfaceScale', 'specularConstant', 'specularExponent', 'kernelUnitLength', 'lighting-color'],
|
|
feDisplacementMap: ['in', 'in2', 'scale', 'xChannelSelector', 'yChannelSelector'],
|
|
feTurbulence: ['baseFrequency', 'numOctaves', 'result', 'seed', 'stitchTiles', 'type'],
|
|
feTile: ['in'],
|
|
|
|
// MathML Elements
|
|
annotation: ['encoding'],
|
|
'annotation-xml': ['encoding'],
|
|
maction: ['actiontype', 'other', 'selection'],
|
|
math: ['xmlns'],
|
|
menclose: ['notation'],
|
|
merror: [],
|
|
mfrac: ['linethickness'],
|
|
mi: ['mathvariant'],
|
|
mmultiscripts: [],
|
|
mn: [],
|
|
mo: ['fence', 'lspace', 'maxsize', 'minsize', 'rspace', 'stretchy'],
|
|
mover: [],
|
|
mpadded: ['lspace', 'width', 'height', 'depth', 'voffset'],
|
|
mphantom: [],
|
|
mprescripts: [],
|
|
mroot: [],
|
|
mrow: ['href', 'xlink:href', 'xlink:type', 'xmlns:xlink'],
|
|
mspace: ['depth', 'height', 'width'],
|
|
msqrt: [],
|
|
mstyle: ['displaystyle', 'mathbackground', 'mathcolor', 'mathvariant', 'scriptlevel'],
|
|
msub: [],
|
|
msubsup: [],
|
|
msup: [],
|
|
mtable: ['align', 'columnalign', 'columnlines', 'columnspacing', 'displaystyle', 'equalcolumns', 'equalrows', 'frame', 'rowalign', 'rowlines', 'rowspacing', 'width'],
|
|
mtd: ['columnalign', 'columnspan', 'rowalign', 'rowspan'],
|
|
mtext: [],
|
|
mtr: ['columnalign', 'rowalign'],
|
|
munder: [],
|
|
munderover: [],
|
|
none: [],
|
|
semantics: [],
|
|
|
|
// HTML Elements for use in a foreignObject
|
|
div: [],
|
|
p: [],
|
|
li: [],
|
|
pre: [],
|
|
ol: [],
|
|
ul: [],
|
|
span: [],
|
|
hr: [],
|
|
br: [],
|
|
h1: [],
|
|
h2: [],
|
|
h3: [],
|
|
h4: [],
|
|
h5: [],
|
|
h6: []
|
|
}
|
|
|
|
// add generic attributes to all elements of the whitelist
|
|
for (const [element, attrs] of Object.entries(svgWhiteList_)) {
|
|
svgWhiteList_[element] = [...attrs, ...svgGenericWhiteList]
|
|
}
|
|
|
|
// Produce a Namespace-aware version of svgWhitelist
|
|
const svgWhiteListNS_ = {}
|
|
for (const [elt, atts] of Object.entries(svgWhiteList_)) {
|
|
const attNS = {}
|
|
for (const att of atts) {
|
|
if (att.includes(':')) {
|
|
const [prefix, localName] = att.split(':')
|
|
attNS[localName] = NS[prefix.toUpperCase()]
|
|
} else {
|
|
attNS[att] = att === 'xmlns' ? NS.XMLNS : null
|
|
}
|
|
}
|
|
svgWhiteListNS_[elt] = attNS
|
|
}
|
|
|
|
/**
|
|
* Sanitizes the input node and its children.
|
|
* It only keeps what is allowed from our whitelist defined above.
|
|
* @function module:sanitize.sanitizeSvg
|
|
* @param {Text|Element} node - The DOM element to be checked (we'll also check its children) or text node to be cleaned up
|
|
* @returns {void}
|
|
*/
|
|
export const sanitizeSvg = (node) => {
|
|
// Cleanup text nodes
|
|
if (node.nodeType === 3) { // 3 === TEXT_NODE
|
|
// Trim whitespace
|
|
node.nodeValue = node.nodeValue.trim()
|
|
// Remove if empty
|
|
if (!node.nodeValue.length) {
|
|
node.remove()
|
|
}
|
|
}
|
|
|
|
// We only care about element nodes.
|
|
// Automatically return for all non-element nodes, such as comments, etc.
|
|
if (node.nodeType !== 1) { // 1 == ELEMENT_NODE
|
|
return
|
|
}
|
|
|
|
const doc = node.ownerDocument
|
|
const parent = node.parentNode
|
|
// can parent ever be null here? I think the root node's parent is the document...
|
|
if (!doc || !parent) {
|
|
return
|
|
}
|
|
|
|
const allowedAttrs = svgWhiteList_[node.nodeName]
|
|
const allowedAttrsNS = svgWhiteListNS_[node.nodeName]
|
|
// if this element is supported, sanitize it
|
|
if (typeof allowedAttrs !== 'undefined') {
|
|
const seAttrs = []
|
|
let i = node.attributes.length
|
|
while (i--) {
|
|
// if the attribute is not in our whitelist, then remove it
|
|
const attr = node.attributes.item(i)
|
|
const attrName = attr.nodeName
|
|
const attrLocalName = attr.localName
|
|
const attrNsURI = attr.namespaceURI
|
|
// Check that an attribute with the correct localName in the correct namespace is on
|
|
// our whitelist or is a namespace declaration for one of our allowed namespaces
|
|
if (attrNsURI !== allowedAttrsNS[attrLocalName] && attrNsURI !== NS.XMLNS &&
|
|
!(attrNsURI === NS.XMLNS && REVERSE_NS[attr.value])) {
|
|
// Special case: allow href attribute even without namespace if it's in the whitelist
|
|
const isHrefAttribute = (attrLocalName === 'href' && allowedAttrs.includes('href'))
|
|
if (!isHrefAttribute) {
|
|
// Bypassing the whitelist to allow se: and oi: prefixes
|
|
// We can add specific namepaces on demand for now.
|
|
// Is there a more appropriate way to do this?
|
|
if (attrName.startsWith('se:') || attrName.startsWith('oi:') || attrName.startsWith('data-')) {
|
|
// We should bypass the namespace aswell
|
|
const seAttrNS = (attrName.startsWith('se:')) ? NS.SE : ((attrName.startsWith('oi:')) ? NS.OI : null)
|
|
seAttrs.push([attrName, attr.value, seAttrNS])
|
|
} else {
|
|
warn(`attribute ${attrName} in element ${node.nodeName} not in whitelist is removed: ${node.outerHTML}`, null, 'sanitize')
|
|
node.removeAttributeNS(attrNsURI, attrLocalName)
|
|
}
|
|
}
|
|
}
|
|
|
|
// For the style attribute, rewrite it in terms of XML presentational attributes
|
|
if (attrName === 'style') {
|
|
const props = attr.value.split(';')
|
|
let p = props.length
|
|
while (p--) {
|
|
const [name, val] = props[p].split(':')
|
|
const styleAttrName = (name || '').trim()
|
|
const styleAttrVal = (val || '').trim()
|
|
// Now check that this attribute is supported
|
|
if (allowedAttrs.includes(styleAttrName)) {
|
|
node.setAttribute(styleAttrName, styleAttrVal)
|
|
}
|
|
}
|
|
node.removeAttribute('style')
|
|
}
|
|
}
|
|
|
|
// If legacy xlink:href is present but href is missing, mirror it to href for modern browsers
|
|
const xlinkHref = node.getAttributeNS(NS.XLINK, 'href')
|
|
if (xlinkHref) {
|
|
node.setAttribute('href', xlinkHref)
|
|
node.removeAttributeNS(NS.XLINK, 'href')
|
|
}
|
|
|
|
Object.values(seAttrs).forEach(([att, val, ns]) => {
|
|
node.setAttributeNS(ns, att, val)
|
|
})
|
|
|
|
// for some elements that have a xlink:href or href, ensure the URI refers to a local element
|
|
// (but not for links and other elements where external hrefs are allowed)
|
|
const href = getHref(node)
|
|
if (href &&
|
|
['filter', 'linearGradient', 'pattern',
|
|
'radialGradient', 'textPath', 'use'].includes(node.nodeName) && href[0] !== '#') {
|
|
// remove the attribute (but keep the element)
|
|
setHref(node, '')
|
|
warn(`attribute href in element ${node.nodeName} pointing to a non-local reference (${href}) is removed: ${node.outerHTML}`, null, 'sanitize')
|
|
node.removeAttributeNS(NS.XLINK, 'href')
|
|
node.removeAttribute('href')
|
|
}
|
|
|
|
// Safari crashes on a <use> without a xlink:href, so we just remove the node here
|
|
if (node.nodeName === 'use' && !getHref(node)) {
|
|
warn(`element ${node.nodeName} without a xlink:href or href is removed: ${node.outerHTML}`, null, 'sanitize')
|
|
node.remove()
|
|
return
|
|
}
|
|
// For <use> elements with missing width/height, derive defaults from referenced viewBox/size for proper sizing/selection
|
|
if (node.nodeName === 'use') {
|
|
const ref = getRefElem(getHref(node))
|
|
if (ref) {
|
|
const refViewBox = ref.getAttribute('viewBox')
|
|
const viewBoxParts = refViewBox ? refViewBox.split(/[\s,]+/).map(Number) : null
|
|
const refWidth = Number(ref.getAttribute('width'))
|
|
const refHeight = Number(ref.getAttribute('height'))
|
|
if (!node.hasAttribute('width')) {
|
|
const width = viewBoxParts?.[2] || refWidth
|
|
if (width) node.setAttribute('width', width)
|
|
}
|
|
if (!node.hasAttribute('height')) {
|
|
const height = viewBoxParts?.[3] || refHeight
|
|
if (height) node.setAttribute('height', height)
|
|
}
|
|
}
|
|
}
|
|
// if the element has attributes pointing to a non-local reference,
|
|
// need to remove the attribute
|
|
['clip-path', 'fill', 'filter', 'marker-end', 'marker-mid', 'marker-start', 'mask', 'stroke'].forEach((attr) => {
|
|
let val = node.getAttribute(attr)
|
|
if (val) {
|
|
val = getUrlFromAttr(val)
|
|
// simply check for first character being a '#'
|
|
if (val && val[0] !== '#') {
|
|
node.setAttribute(attr, '')
|
|
warn(`attribute ${attr} in element ${node.nodeName} pointing to a non-local reference (${val}) is removed: ${node.outerHTML}`, null, 'sanitize')
|
|
node.removeAttribute(attr)
|
|
}
|
|
}
|
|
})
|
|
|
|
// recurse to children
|
|
i = node.childNodes.length
|
|
while (i--) { sanitizeSvg(node.childNodes.item(i)) }
|
|
// else (element not supported), remove it
|
|
} else {
|
|
// remove all children from this node and insert them before this node
|
|
// TODO: in the case of animation elements this will hardly ever be correct
|
|
warn(`element ${node.nodeName} not supported is removed: ${node.outerHTML}`, null, 'sanitize')
|
|
const children = []
|
|
while (node.hasChildNodes()) {
|
|
children.push(parent.insertBefore(node.firstChild, node))
|
|
}
|
|
|
|
// remove this node from the document altogether
|
|
node.remove()
|
|
|
|
// call sanitizeSvg on each of those children
|
|
let i = children.length
|
|
while (i--) { sanitizeSvg(children[i]) }
|
|
}
|
|
}
|