diff --git a/pnpm-lock.yaml b/pnpm-lock.yaml index 081b80b7dc9bf..0a88b8fd4ba22 100644 --- a/pnpm-lock.yaml +++ b/pnpm-lock.yaml @@ -1270,6 +1270,7 @@ importers: '@wordpress/dom-ready': 3.22.0 '@wordpress/editor': 12.21.0 '@wordpress/element': 4.20.0 + '@wordpress/html-entities': 3.24.0 '@wordpress/i18n': 4.22.0 '@wordpress/icons': 9.13.0 '@wordpress/url': 3.23.0 @@ -1312,6 +1313,7 @@ importers: '@wordpress/dom-ready': 3.22.0 '@wordpress/editor': 12.21.0_qi72e2chmmemxbokngy4ve2xaa '@wordpress/element': 4.20.0 + '@wordpress/html-entities': 3.24.0 '@wordpress/i18n': 4.22.0 '@wordpress/icons': 9.13.0 '@wordpress/url': 3.23.0 @@ -4981,6 +4983,7 @@ packages: /@colors/colors/1.5.0: resolution: {integrity: sha512-ooWCrlZP11i8GImSjTHYHLkvFDP48nS4+204nGb1RiX/WXYHmJA2III9/e2DWVabCESdW7hBAEzHRqUn9OUVvQ==} engines: {node: '>=0.1.90'} + requiresBuild: true dev: true /@dabh/diagnostics/2.0.3: @@ -8956,7 +8959,7 @@ packages: '@wordpress/dom': 3.23.0 '@wordpress/element': 4.20.0 '@wordpress/hooks': 3.23.0 - '@wordpress/html-entities': 3.22.0 + '@wordpress/html-entities': 3.24.0 '@wordpress/i18n': 4.23.0 '@wordpress/icons': 9.13.0 '@wordpress/is-shallow-equal': 4.23.0 @@ -9110,7 +9113,7 @@ packages: '@wordpress/dom': 3.23.0 '@wordpress/element': 4.20.0 '@wordpress/hooks': 3.23.0 - '@wordpress/html-entities': 3.22.0 + '@wordpress/html-entities': 3.24.0 '@wordpress/i18n': 4.23.0 '@wordpress/is-shallow-equal': 4.23.0 '@wordpress/shortcode': 3.22.0 @@ -9382,7 +9385,7 @@ packages: '@wordpress/data': 7.6.0_react@17.0.2 '@wordpress/deprecated': 3.23.0 '@wordpress/element': 4.20.0 - '@wordpress/html-entities': 3.22.0 + '@wordpress/html-entities': 3.24.0 '@wordpress/i18n': 4.23.0 '@wordpress/is-shallow-equal': 4.23.0 '@wordpress/url': 3.23.0 
@@ -9577,7 +9580,7 @@ packages: '@wordpress/dom': 3.23.0 '@wordpress/element': 4.20.0 '@wordpress/hooks': 3.23.0 - '@wordpress/html-entities': 3.22.0 + '@wordpress/html-entities': 3.24.0 '@wordpress/i18n': 4.23.0 '@wordpress/icons': 9.13.0 '@wordpress/keyboard-shortcuts': 3.20.0_react@17.0.2 @@ -9721,6 +9724,12 @@ packages: dependencies: '@babel/runtime': 7.20.7 + /@wordpress/html-entities/3.24.0: + resolution: {integrity: sha512-rwvx8aEJb9gRCj/pJ0v7vh6sT7R6G922LQzHc5cObcSm5cmzPz/Wz07+AZkHA1cmCDQdPiDd3yB8X8l+yeFy0A==} + engines: {node: '>=12'} + dependencies: + '@babel/runtime': 7.20.7 + /@wordpress/i18n/4.22.0: resolution: {integrity: sha512-b1nQJhrBilDj3oJql9k9dzlPEJ5vWd36Q0ri0znLBOJUOq2J0jgKwgtC84dun77kBb9Upfi4NZNiBI8OuSbiuA==} engines: {node: '>=12'}
diff --git a/projects/packages/videopress/changelog/update-videopress-use-core-pkg-to-handle-entities b/projects/packages/videopress/changelog/update-videopress-use-core-pkg-to-handle-entities
new file mode 100644
index 0000000000000..5dca25067a837
--- /dev/null
+++ b/projects/packages/videopress/changelog/update-videopress-use-core-pkg-to-handle-entities
@@ -0,0 +1,4 @@
+Significance: patch
+Type: changed
+
+VideoPress: use @wordpress/html-entities to handle html entities
diff --git a/projects/packages/videopress/package.json b/projects/packages/videopress/package.json
index fc44c791bb434..e69c000941ea1 100644
--- a/projects/packages/videopress/package.json
+++ b/projects/packages/videopress/package.json
@@ -78,6 +78,7 @@
 "@wordpress/dom-ready": "3.22.0",
 "@wordpress/editor": "12.21.0",
 "@wordpress/element": "4.20.0",
+ "@wordpress/html-entities": "3.24.0",
 "@wordpress/i18n": "4.22.0",
 "@wordpress/icons": "9.13.0",
 "@wordpress/url": "3.23.0",
diff --git a/projects/packages/videopress/src/client/block-editor/hooks/use-video-data/index.ts b/projects/packages/videopress/src/client/block-editor/hooks/use-video-data/index.ts
index eef2fe491323a..e65c0386b80d9 100644
--- a/projects/packages/videopress/src/client/block-editor/hooks/use-video-data/index.ts
+++ b/projects/packages/videopress/src/client/block-editor/hooks/use-video-data/index.ts
@@ -3,11 +3,11 @@
 */
 import apiFetch from '@wordpress/api-fetch';
 import { useEffect, useState } from '@wordpress/element';
+import { decodeEntities } from '@wordpress/html-entities';
 /**
 * Internal dependencies
 */
 import getMediaToken from '../../../lib/get-media-token';
-import { decodeEntities } from '../../../lib/url';
 /**
 * Types
 */
diff --git a/projects/packages/videopress/src/client/lib/url/index.ts b/projects/packages/videopress/src/client/lib/url/index.ts
index b0e83d35ced91..63d0e422bc0eb 100644
--- a/projects/packages/videopress/src/client/lib/url/index.ts
+++ b/projects/packages/videopress/src/client/lib/url/index.ts
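Review bot: The new `decodeEntities` import in use-video-data/index.ts returns unescaped plain text, and nothing at the import records that constraint. The local helper removed from lib/url/index.ts carried a doc comment explaining why decoding through a detached textarea's `textContent` is safe; that rationale disappears with it. A short comment where the decoded values are used would keep it, e.g. `// decodeEntities() yields plain text: render it as a text node or attribute value, never as HTML.` The call sites are outside this hunk, so whether the decoded fields reach an HTML sink cannot be confirmed from here.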
@@ -129,41 +129,3 @@ export function buildVideoPressURL(
 export const removeFileNameExtension = ( name: string ) => {
 return name.replace( /\.[^/.]+$/, '' );
 };
-
-/**
- * Helper function to create and return textarea element.
- * Based on https://github.com/Automattic/wp-calypso/blob/1ea156fe734d57fdf13cd332e82ac688eacd3bee/client/lib/formatting/decode/browser.js#L9
- *
- * > Moreover, using textContent can prevent XSS attacks.
- *
- * @see https://developer.mozilla.org/en-US/docs/Web/API/Node/textContent#differences_from_innerhtml
- *
- * It will be used to decode HTML entities,
- * As long as element doesn’t get inserted in the DOM,
- * we’re good in terms of security,
- * since textContent will return the content without evaluating it.
- * @returns {HTMLTextAreaElement} - Textarea element
- */
-const createTextareaElement = (): HTMLTextAreaElement => {
- if ( document.implementation && document.implementation.createHTMLDocument ) {
- return document.implementation.createHTMLDocument( '' ).createElement( 'textarea' );
- }
-
- return document.createElement( 'textarea' );
-};
-
-/**
- * Decode the given text, replacing HTML entities
- * with their corresponding characters.
- *
- * @param {string} text - Text to decode
- * @returns {string} Decoded text
- */
-export function decodeEntities( text: string ): string {
- // Create temporary element to decode entities
- const element = createTextareaElement();
- element.innerHTML = text;
- const decoded = element.textContent;
- element.innerHTML = '';
- return decoded;
-}