zcy
/
svgedit
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge pull request #681 from jggsus88/issue/674 

[issue-674] Bypass the ns with the attribute for the se attributes in…
master
JFH 2021-12-22 23:58:15 +01:00 committed by GitHub
parent 6bb447eeee 7ca417c963
commit 8a765aba6f
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 5 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
src/svgcanvas/sanitize.js
View File

@ -166,7 +166,9 @@ export const sanitizeSvg = function (node) {
// We can add specific namepaces on demand for now. // We can add specific namepaces on demand for now.
// Is there a more appropriate way to do this? // Is there a more appropriate way to do this?
if (attrName.startsWith('se:') || attrName.startsWith('oi:')|| attrName.startsWith('data-')) { if (attrName.startsWith('se:') || attrName.startsWith('oi:')|| attrName.startsWith('data-')) {
seAttrs.push([ attrName, attr.value ]); // We should bypass the namespace aswell
const seAttrNS = (attrName.startsWith('se:')) ? NS.SE : ((attrName.startsWith('oi:')) ? NS.OI : null);
seAttrs.push([ attrName, attr.value, seAttrNS ]);
} else { } else {
console.warn(`sanitizeSvg: attribute ${attrName} in element ${node.nodeName} not in whitelist is removed`); console.warn(`sanitizeSvg: attribute ${attrName} in element ${node.nodeName} not in whitelist is removed`);
node.removeAttributeNS(attrNsURI, attrLocalName); node.removeAttributeNS(attrNsURI, attrLocalName);
@ -190,8 +192,8 @@ export const sanitizeSvg = function (node) {
} }
} }
Object.values(seAttrs).forEach(([ att, val ]) => { Object.values(seAttrs).forEach(([ att, val, ns ]) => {
node.setAttributeNS(NS.SE, att, val); node.setAttributeNS(ns, att, val);
}); });
// for some elements that have a xlink:href, ensure the URI refers to a local element // for some elements that have a xlink:href, ensure the URI refers to a local element