From 6f9161fbd58b7375fbb4b10fdc7a63acd823afed Mon Sep 17 00:00:00 2001 From: Liu Weifeng Date: Thu, 18 Apr 2024 00:32:03 +0800 Subject: [PATCH 1/3] fix(cleanupIds): handle no-uri-encoded references --- plugins/cleanupIds.js | 2 +- test/plugins/cleanupIds.26.svg.txt | 29 +++++++++++++++++++++++++++++ 2 files changed, 30 insertions(+), 1 deletion(-) create mode 100644 test/plugins/cleanupIds.26.svg.txt diff --git a/plugins/cleanupIds.js b/plugins/cleanupIds.js index 55bee0e92..f63fbb70f 100644 --- a/plugins/cleanupIds.js +++ b/plugins/cleanupIds.js @@ -233,7 +233,7 @@ export const fn = (_root, params) => { if (value.includes('#')) { // replace id in href and url() element.attributes[name] = value.replace( - `#${encodeURI(id)}`, + new RegExp(`#(${id}|${encodeURI(id)})`), `#${currentIdString}`, ); } else { diff --git a/test/plugins/cleanupIds.26.svg.txt b/test/plugins/cleanupIds.26.svg.txt new file mode 100644 index 000000000..e358bf93e --- /dev/null +++ b/test/plugins/cleanupIds.26.svg.txt @@ -0,0 +1,29 @@ +Should handle non-ASCII IDs and resolve URI encoded references. + +See: https://github.com/svg/svgo/issues/1696 + +=== + + + + + + + + + + + + +@@@ + + + + + + + + + + + From fa214e71d5882dcd11a771e11e9a83aceec567ba Mon Sep 17 00:00:00 2001 From: Liu Weifeng Date: Thu, 18 Apr 2024 00:37:42 +0800 Subject: [PATCH 2/3] test: :test_tube: edit the issue id in test case --- test/plugins/cleanupIds.26.svg.txt | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/test/plugins/cleanupIds.26.svg.txt b/test/plugins/cleanupIds.26.svg.txt index e358bf93e..b6a1ccb2d 100644 --- a/test/plugins/cleanupIds.26.svg.txt +++ b/test/plugins/cleanupIds.26.svg.txt @@ -1,6 +1,6 @@ -Should handle non-ASCII IDs and resolve URI encoded references. +Should handle non-ASCII IDs and resolve not correctly URI encoded references. -See: https://github.com/svg/svgo/issues/1696 +See: https://github.com/svg/svgo/issues/1981 === From 42e272e7b8ba8e0b529abf8b5a394874cd33ca54 Mon Sep 17 00:00:00 2001 From: Liu Weifeng Date: Thu, 25 Apr 2024 15:16:21 +0800 Subject: [PATCH 3/3] fix: replace regular expression with two replacements to avoid ReDoS, simplify the test cases. --- plugins/cleanupIds.js | 7 +++---- test/plugins/cleanupIds.26.svg.txt | 8 ++------ 2 files changed, 5 insertions(+), 10 deletions(-) diff --git a/plugins/cleanupIds.js b/plugins/cleanupIds.js index f63fbb70f..7a30591c8 100644 --- a/plugins/cleanupIds.js +++ b/plugins/cleanupIds.js @@ -232,10 +232,9 @@ export const fn = (_root, params) => { const value = element.attributes[name]; if (value.includes('#')) { // replace id in href and url() - element.attributes[name] = value.replace( - new RegExp(`#(${id}|${encodeURI(id)})`), - `#${currentIdString}`, - ); + element.attributes[name] = value + .replace(`#${encodeURI(id)}`, `#${currentIdString}`) + .replace(`#${id}`, `#${currentIdString}`); } else { // replace id in begin attribute element.attributes[name] = value.replace( diff --git a/test/plugins/cleanupIds.26.svg.txt b/test/plugins/cleanupIds.26.svg.txt index b6a1ccb2d..6a1e23d22 100644 --- a/test/plugins/cleanupIds.26.svg.txt +++ b/test/plugins/cleanupIds.26.svg.txt @@ -7,9 +7,7 @@ See: https://github.com/svg/svgo/issues/1981 - - - + @@ -20,9 +18,7 @@ See: https://github.com/svg/svgo/issues/1981 - - - +