From 72f8aab2008d09f251559b511f69cf7f7fef478a Mon Sep 17 00:00:00 2001
From: navya9singh
Date: Mon, 27 Jan 2025 15:03:05 -0800
Subject: [PATCH 1/5] fixing bug: Unsafe HTML constructed from library input
---
packages/playground/src/index.ts | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/packages/playground/src/index.ts b/packages/playground/src/index.ts
index 25e2a9f90cb9..ccaa15e77f63 100644
--- a/packages/playground/src/index.ts
+++ b/packages/playground/src/index.ts
@@ -284,7 +284,9 @@ export const setupPlayground = ( // Set up the label for the dropdown const versionButton = document.querySelectorAll("#versions > a").item(0) - versionButton.innerHTML = "v" + sandbox.ts.version + " " + // Adding HTML sanitizer to remove unsafe content. + const striptags = require('striptags'); + versionButton.innerHTML = "v" + striptags(sandbox.ts.version) + " " versionButton.setAttribute("aria-label", `Select version of TypeScript, currently ${sandbox.ts.version}`) // Add the versions to the dropdown
From c507467fea18d9013f4fe9ee28ccf867eab728bf Mon Sep 17 00:00:00 2001
From: navya9singh
Date: Tue, 28 Jan 2025 12:42:13 -0800
Subject: [PATCH 2/5] adding striptags import
---
packages/playground/package.json | 3 ++-
packages/playground/src/index.ts | 2 +-
pnpm-lock.yaml | 8 ++++++++
3 files changed, 11 insertions(+), 2 deletions(-)
diff --git a/packages/playground/package.json b/packages/playground/package.json
index e3a862f30744..12a40b892448 100644
--- a/packages/playground/package.json
+++ b/packages/playground/package.json
@@ -17,7 +17,8 @@ "dependencies": { "@typescript/playground-worker": "workspace:*", "@typescript/sandbox": "workspace:*", - "esbuild": "^0.17.8" + "esbuild": "^0.17.8", + "striptags": "^3.2.0" }, "devDependencies": { "@types/jest": "^29.5.12",
diff --git a/packages/playground/src/index.ts b/packages/playground/src/index.ts
index ccaa15e77f63..309f3eb5435e 100644
--- a/packages/playground/src/index.ts
+++ b/packages/playground/src/index.ts
@@ -25,6 +25,7 @@ import type React from "react" import { settingsPlugin, getPlaygroundPlugins } from "./sidebar/settings" import { hideNavForHandbook, showNavForHandbook } from "./navigation" import { createTwoslashInlayProvider } from "./twoslashInlays" +import striptags from "striptags" export { PluginUtils } from "./pluginUtils"
@@ -285,7 +286,6 @@ export const setupPlayground = ( // Set up the label for the dropdown const versionButton = document.querySelectorAll("#versions > a").item(0) // Adding HTML sanitizer to remove unsafe content. - const striptags = require('striptags'); versionButton.innerHTML = "v" + striptags(sandbox.ts.version) + " " versionButton.setAttribute("aria-label", `Select version of TypeScript, currently ${sandbox.ts.version}`)
diff --git a/pnpm-lock.yaml b/pnpm-lock.yaml
index cc6f36f304b5..f027d7da11b6 100644
--- a/pnpm-lock.yaml
+++ b/pnpm-lock.yaml
@@ -157,6 +157,9 @@ importers: esbuild: specifier: ^0.17.8 version: 0.17.19 + striptags: + specifier: ^3.2.0 + version: 3.2.0 devDependencies: '@types/jest': specifier: ^29.5.12
@@ -9541,6 +9544,9 @@ packages: resolution: {integrity: sha512-k55yxKHwaXnpYGsOzg4Vl8+tDrWylxDEpknGjhTiZB8dFRU5rTo9CAzeycivxV3s+zlTKwrs6WxMxR95n26kwg==} engines: {node: '>=0.10.0'} + striptags@3.2.0: + resolution: {integrity: sha512-g45ZOGzHDMe2bdYMdIvdAfCQkCTDMGBazSw1ypMowwGIee7ZQ5dU0rBJ8Jqgl+jAKIv4dbeE1jscZq9wid1Tkw==} + strtok3@6.3.0: resolution: {integrity: sha512-fZtbhtvI9I48xDSywd/somNqgUHl2L2cstmXCCif0itOf96jeW18MBSyrLuNicYQVkvpOxkZtkzujiTJ9LW5Jw==} engines: {node: '>=10'}
@@ -22542,6 +22548,8 @@ snapshots: dependencies: escape-string-regexp: 1.0.5 + striptags@3.2.0: {} + strtok3@6.3.0: dependencies: '@tokenizer/token': 0.3.0
From f25c8a14c6e17bf3a77228a8ead850447c305354 Mon Sep 17 00:00:00 2001
From: navya9singh
Date: Wed, 29 Jan 2025 12:06:40 -0800
Subject: [PATCH 3/5] addresisng comments
---
packages/playground/src/index.ts | 7 ++++---
1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/packages/playground/src/index.ts b/packages/playground/src/index.ts
index 309f3eb5435e..f215698bc607 100644
--- a/packages/playground/src/index.ts
+++ b/packages/playground/src/index.ts
@@ -25,7 +25,6 @@ import type React from "react" import { settingsPlugin, getPlaygroundPlugins } from "./sidebar/settings" import { hideNavForHandbook, showNavForHandbook } from "./navigation" import { createTwoslashInlayProvider } from "./twoslashInlays" -import striptags from "striptags" export { PluginUtils } from "./pluginUtils"
@@ -285,8 +284,10 @@ export const setupPlayground = ( // Set up the label for the dropdown const versionButton = document.querySelectorAll("#versions > a").item(0) - // Adding HTML sanitizer to remove unsafe content. - versionButton.innerHTML = "v" + striptags(sandbox.ts.version) + " " + versionButton.textContent = "v" + sandbox.ts.version + " " + const caret = document.createElement("spam") + caret.classList.add("caret") + versionButton.appendChild(caret) versionButton.setAttribute("aria-label", `Select version of TypeScript, currently ${sandbox.ts.version}`) // Add the versions to the dropdown
From 39fca3e1ccfb55ce30fe5244346d7a6c54e5b00a Mon Sep 17 00:00:00 2001
From: navya9singh
Date: Wed, 29 Jan 2025 12:13:36 -0800
Subject: [PATCH 4/5] removing striptags
---
packages/playground/package.json | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/packages/playground/package.json b/packages/playground/package.json
index 12a40b892448..e3a862f30744 100644
--- a/packages/playground/package.json
+++ b/packages/playground/package.json
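Review bot: In PATCH 3/5, the second hunk of packages/playground/src/index.ts (`@@ -285,8 +284,10 @@`) creates the caret with `document.createElement("spam")`, which looks like a typo for `span`. The browser will build an unknown `<spam>` element, so any stylesheet rule or script that selects `span.caret` would presumably stop matching and the dropdown caret could disappear; the stylesheet is not visible here, so that needs confirming. The line should read `const caret = document.createElement("span")`. The switch from `innerHTML` to `textContent` on the line above is sound, because the version string is now inserted as text and never parsed as markup. The enclosing `setupPlayground` starts and ends outside the hunk.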
@@ -17,8 +17,7 @@ "dependencies": { "@typescript/playground-worker": "workspace:*", "@typescript/sandbox": "workspace:*", - "esbuild": "^0.17.8", - "striptags": "^3.2.0" + "esbuild": "^0.17.8" }, "devDependencies": { "@types/jest": "^29.5.12",
From 94802297b5433dbf1f885be5456df879623603bd Mon Sep 17 00:00:00 2001
From: navya9singh
Date: Wed, 29 Jan 2025 12:15:36 -0800
Subject: [PATCH 5/5] lock file change
---
pnpm-lock.yaml | 8 --------
1 file changed, 8 deletions(-)
diff --git a/pnpm-lock.yaml b/pnpm-lock.yaml
index f027d7da11b6..cc6f36f304b5 100644
--- a/pnpm-lock.yaml
+++ b/pnpm-lock.yaml
@@ -157,9 +157,6 @@ importers: esbuild: specifier: ^0.17.8 version: 0.17.19 - striptags: - specifier: ^3.2.0 - version: 3.2.0 devDependencies: '@types/jest': specifier: ^29.5.12
@@ -9544,9 +9541,6 @@ packages: resolution: {integrity: sha512-k55yxKHwaXnpYGsOzg4Vl8+tDrWylxDEpknGjhTiZB8dFRU5rTo9CAzeycivxV3s+zlTKwrs6WxMxR95n26kwg==} engines: {node: '>=0.10.0'} - striptags@3.2.0: - resolution: {integrity: sha512-g45ZOGzHDMe2bdYMdIvdAfCQkCTDMGBazSw1ypMowwGIee7ZQ5dU0rBJ8Jqgl+jAKIv4dbeE1jscZq9wid1Tkw==} - strtok3@6.3.0: resolution: {integrity: sha512-fZtbhtvI9I48xDSywd/somNqgUHl2L2cstmXCCif0itOf96jeW18MBSyrLuNicYQVkvpOxkZtkzujiTJ9LW5Jw==} engines: {node: '>=10'}
@@ -22548,8 +22542,6 @@ snapshots: dependencies: escape-string-regexp: 1.0.5 - striptags@3.2.0: {} - strtok3@6.3.0: dependencies: '@tokenizer/token': 0.3.0