From 8a1fd73f3b1f17a8e9cd919f1f4ae85c785080d4 Mon Sep 17 00:00:00 2001 From: Bharat Rajagopalan Date: Tue, 29 Dec 2020 16:13:19 +0100 Subject: [PATCH] added null checks and cleanup --- .../modules/rendering/html-security/renderer.js | 17 ++++++++++++----- .../rendering/markdown-plantuml/renderer.js | 10 +++++----- 2 files changed, 17 insertions(+), 10 deletions(-) diff --git a/server/modules/rendering/html-security/renderer.js b/server/modules/rendering/html-security/renderer.js index 956ae6c5..1ab73cbf 100644 --- a/server/modules/rendering/html-security/renderer.js +++ b/server/modules/rendering/html-security/renderer.js @@ -35,7 +35,9 @@ module.exports = { //Changes to keep interactive plantuml object tag //only allow specific attributes for plantuml object node - if (`${pumlImageFormat}` == 'svg') { + if (typeof pumlImageFormat !== 'undefined' && + pumlImageFormat && + pumlImageFormat == 'svg') { allowedTags.push('object') allowedAttrs.push('data') allowedAttrs.push('type') @@ -51,7 +53,12 @@ module.exports = { // insert the plantuml inside the object as text for search let isPumlNode=false - if (data.tagName === 'object') { + if (data.tagName === 'object' && + typeof pumlServer !== 'undefined' && pumlServer && + typeof pumlObjectStyle !== 'undefined' && pumlObjectStyle && + typeof pumlObjectType !== 'undefined' && pumlObjectType && + typeof pumlObjectClass !== 'undefined' && pumlObjectClass + ) { //console.log ("Found object node - validating") //remove node if it doesn't conform to plantuml structure if (!( 'data' in node.attributes @@ -72,9 +79,9 @@ module.exports = { ) { //console.log ("Plantuml node found - setting atribute values") isPumlNode=true - node.setAttribute ('type', `${pumlObjectType}`) - node.setAttribute ('style', `${pumlObjectStyle}`) - node.setAttribute ('class', `${pumlObjectClass}`) + node.setAttribute ('type', pumlObjectType) + node.setAttribute ('style', pumlObjectStyle) + node.setAttribute ('class', pumlObjectClass) node.setAttribute ('alt', '') } diff --git a/server/modules/rendering/markdown-plantuml/renderer.js b/server/modules/rendering/markdown-plantuml/renderer.js index 8c12961f..428086e2 100644 --- a/server/modules/rendering/markdown-plantuml/renderer.js +++ b/server/modules/rendering/markdown-plantuml/renderer.js @@ -129,7 +129,7 @@ module.exports = { // alt is constructed from children. No point in populating it here. token.attrs = [ [ 'src' , `${server}/${imageFormat}/${zippedCode}` ], [ 'alt' , '' ], - ['class', `${pumlObjectClass}` ] + ['class', pumlObjectClass ] ] token.block = true token.children = altToken @@ -145,9 +145,9 @@ module.exports = { token = state.push('uml_diagram_obj', 'object', 0) token.attrs = [ [ 'data' , `${server}/${imageFormat}/${zippedCode}`], [ 'alt' , '' ], - [ 'class', `${pumlObjectClass}` ], - [ 'style', `${pumlObjectStyle}` ], - [ 'type', `${pumlObjectType}` ] + [ 'class', pumlObjectClass ], + [ 'style', pumlObjectStyle ], + [ 'type', pumlObjectType ] ] token.block = true token.children = altToken @@ -164,7 +164,7 @@ module.exports = { // alt is constructed from children. No point in populating it here. token.attrs = [ [ 'src' , `${server}/${imageFormat}/${zippedCode}` ], [ 'alt' , '' ], - ['class', `${pumlObjectClass}`] + ['class', pumlObjectClass] ] token.block = true token.children = altToken