diff --git a/package-lock.json b/package-lock.json index b86cd7577..4fdeab124 100644 --- a/package-lock.json +++ b/package-lock.json @@ -35803,6 +35803,12 @@ "integrity": "sha512-kNnC1GFBLuhImSnV7w4njQkUiJi0ZXUycu1rUaouPqiKlXkh77JKgdRnTAp1x5eBwcIwbtI+3otwzuIDEuDoxQ==", "dev": true }, + "node_modules/@types/validator": { + "version": "13.12.0", + "resolved": "https://registry.npmjs.org/@types/validator/-/validator-13.12.0.tgz", + "integrity": "sha512-nH45Lk7oPIJ1RVOF6JgFI6Dy0QpHEzq4QecZhvguxYPDwT8c93prCMqAtiIttm39voZ+DDR+qkNnMpJmMBRqag==", + "dev": true + }, "node_modules/@types/video.js": { "version": "7.3.52", "integrity": "sha512-WFj/HkNVCfkchXDeDU0QbimC356FB5vva3g5mgsjk8n3UMKqP9S522rQAmu9LGPiCmShZRPuAlkXmbp5WId6ow==", @@ -72131,6 +72137,7 @@ "@types/papaparse": "^5.3.10", "@types/react": "^18.2.12", "@types/react-dom": "^18.2.5", + "@types/validator": "^13.12.0", "css-loader": "6.8.1", "dotenv": "^16.3.1", "eslint-config-iot-app-kit": "10.10.1", @@ -92548,6 +92555,7 @@ "@types/papaparse": "^5.3.10", "@types/react": "^18.2.12", "@types/react-dom": "^18.2.5", + "@types/validator": "^13.12.0", "aws-sdk-client-mock": "^3.0.0", "buffer": "^6.0.3", "css-loader": "6.8.1", @@ -114723,6 +114731,12 @@ "integrity": "sha512-kNnC1GFBLuhImSnV7w4njQkUiJi0ZXUycu1rUaouPqiKlXkh77JKgdRnTAp1x5eBwcIwbtI+3otwzuIDEuDoxQ==", "dev": true }, + "@types/validator": { + "version": "13.12.0", + "resolved": "https://registry.npmjs.org/@types/validator/-/validator-13.12.0.tgz", + "integrity": "sha512-nH45Lk7oPIJ1RVOF6JgFI6Dy0QpHEzq4QecZhvguxYPDwT8c93prCMqAtiIttm39voZ+DDR+qkNnMpJmMBRqag==", + "dev": true + }, "@types/video.js": { "version": "7.3.52", "integrity": "sha512-WFj/HkNVCfkchXDeDU0QbimC356FB5vva3g5mgsjk8n3UMKqP9S522rQAmu9LGPiCmShZRPuAlkXmbp5WId6ow==", diff --git a/packages/dashboard/package.json b/packages/dashboard/package.json index d3c69b727..e1281da42 100644 --- a/packages/dashboard/package.json +++ b/packages/dashboard/package.json 
@@ -66,6 +66,7 @@
 "@types/papaparse": "^5.3.10",
 "@types/react": "^18.2.12",
 "@types/react-dom": "^18.2.5",
+ "@types/validator": "^13.12.0",
 "css-loader": "6.8.1",
 "dotenv": "^16.3.1",
 "eslint-config-iot-app-kit": "10.10.1",
diff --git a/packages/dashboard/src/customization/widgets/text/link/index.tsx b/packages/dashboard/src/customization/widgets/text/link/index.tsx
index 0089640dc..53d38f8ae 100644
--- a/packages/dashboard/src/customization/widgets/text/link/index.tsx
+++ b/packages/dashboard/src/customization/widgets/text/link/index.tsx
@@ -2,7 +2,9 @@ import type { CSSProperties } from 'react';
 import React from 'react';
 import { defaultFontSettings } from '../styledText/defaultFontSettings';
 import type { TextWidget } from '../../types';
-import isValidUrl from 'is-url';
+// import isValidUrl from 'is-url';
+import DOMPurify from 'dompurify';
+import { isURL } from 'validator';
 type TextLinkProps = TextWidget;
@@ -23,7 +25,9 @@ const TextLink: React.FC = (widget) => {
 color: fontColor,
 };
- const renderedHref = href && isValidUrl(href) ? href : undefined;
+ const sanitizedHref = href ? DOMPurify.sanitize(href) : undefined;
+ const isValidUrl = sanitizedHref ? isURL(sanitizedHref) : false;
+ const renderedHref = isValidUrl ? sanitizedHref : undefined;
 return (
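Review bot: The commented-out `// import isValidUrl from 'is-url';` in the import block of link/index.tsx should be deleted rather than kept, since version control already records the old import. Of the packages behind the two new imports, only `@types/validator` is added to a manifest in this diff; `validator` and `dompurify` must be declared as runtime dependencies of packages/dashboard, which cannot be confirmed from the hunks shown. If `is-url` has no other users in the package, it can be dropped from the manifest as well.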
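Review bot: `DOMPurify.sanitize(href)` in TextLink treats the value as an HTML fragment rather than as a URL, so it does not decide which schemes are acceptable, and its serialized output can differ from the input (an `&` in a query string may come back entity-encoded), which would alter legitimate links. The scheme decision is therefore left to `isURL` with its default options, which as far as I know also accept `ftp` and strings without a protocol; I would make the allow-list explicit with `isURL(href, { protocols: ['http', 'https'], require_protocol: true })` and render the original `href` when it passes. The local `isValidUrl` reuses the name of the removed `is-url` import, and a name such as `hrefIsAllowed` would avoid that confusion. The component body continues outside the hunk, so how `renderedHref` reaches the anchor element is not visible here.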