Skip to content

Commit

Permalink
Merge pull request #650 from dylanarmstrong/fix/ignore-source-maps
Browse files Browse the repository at this point in the history
fix: ignore source maps when processing with postcss
  • Loading branch information
boutell authored Feb 22, 2024
2 parents 5a5a74e + 1e2294c commit c5dbdf7
Show file tree
Hide file tree
Showing 3 changed files with 11 additions and 1 deletion.
2 changes: 2 additions & 0 deletions CHANGELOG.md
Original file line number Diff line number Diff line change
Expand Up @@ -6,6 +6,8 @@

- Clarified the use of SVGs with a new test and changes to documentation. Thanks to [Gauav Kumar](https://github.com/gkumar9891) for the contribution.

- Do not process source maps when processing style tags with PostCSS.

## 2.11.0 (2023-06-21)

- Fix to allow `false` in `allowedClasses` attributes. Thanks to [Kevin Jiang](https://github.com/KevinSJ) for this fix!
Expand Down
2 changes: 1 addition & 1 deletion index.js
Original file line number Diff line number Diff line change
Expand Up @@ -453,7 +453,7 @@ function sanitizeHtml(html, options, _recursing) {
if (a === 'style') {
if (options.parseStyleAttributes) {
try {
const abstractSyntaxTree = postcssParse(name + ' {' + value + '}');
const abstractSyntaxTree = postcssParse(name + ' {' + value + '}', { map: false });
const filteredAST = filterCss(abstractSyntaxTree, options.allowedStyles);

value = stringifyStyleAttributes(filteredAST);
Expand Down
8 changes: 8 additions & 0 deletions test/test.js
Original file line number Diff line number Diff line change
Expand Up @@ -1659,5 +1659,13 @@ describe('sanitizeHtml', function() {
}
}), '<svg viewBox="0 0 10 10" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink"><defs><linearGradient id="myGradient" gradientTransform="rotate(90)"><stop offset="5%" stop-color="gold"></stop><stop offset="95%" stop-color="red"></stop></linearGradient></defs><circle cx="5" cy="5" r="4" fill="url(\'#myGradient\')"></circle></svg>');
});
it('should not process style sourceMappingURL with postCSS', () => {
assert.equal(sanitizeHtml('<a style=\'background-image: url("/*# sourceMappingURL=../index.js */");\'></a>', {
allowedAttributes: {
...sanitizeHtml.defaults.allowedAttributes,
a: [ 'style' ]
}
}), '<a style="background-image:url(&quot;/*# sourceMappingURL=../index.js */&quot;)"></a>');
});

});

0 comments on commit c5dbdf7

Please sign in to comment.