Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

fix: Ignore emoji shorthand codes in URIs #1847

Merged
merged 4 commits into from
Aug 3, 2022
Merged

Conversation

socsieng
Copy link
Contributor

@socsieng socsieng commented Jul 30, 2022

Fixes: #1823,
Fixes: #1839

Summary

Fixes an issue related to unintentional processing of emoji shorthand codes when included in a URI

What kind of change does this PR introduce?

Bugfix

For any code change,

  • Related documentation has been updated if needed
  • Related tests have been updated or tests have been added

Does this PR introduce a breaking change? (check one)

  • Yes
  • No

If yes, please describe the impact and migration path for existing applications:

Related issue, if any:

Tested in the following browsers:

Using: https://codesandbox.io/s/thirsty-fog-inwfl8

  • Chrome
  • Firefox
  • Safari
  • Edge
  • IE

@vercel
Copy link

vercel bot commented Jul 30, 2022

The latest updates on your projects. Learn more about Vercel for Git ↗︎

Name Status Preview Updated
docsify-preview ✅ Ready (Inspect) Visit Preview Sep 2, 2022 at 10:53PM (UTC)

@codesandbox-ci
Copy link

codesandbox-ci bot commented Jul 30, 2022

This pull request is automatically built and testable in CodeSandbox.

To see build info of the built libraries, click here or the icon next to each commit SHA.

Latest deployment of this branch, based on commit 62069de:

Sandbox Source
docsify-template Configuration
clever-pond-ide4hb PR
crazy-cdn-m0skqy Issue #1823
nice-mclaren-lbeew1 Issue #1823

Copy link
Member

@jhildenbiddle jhildenbiddle left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for submitting the PR, @socsieng.

There is a much easier fix: simply add a to the existing list of tags that are being marked:

// Mark colons in tags
.replace(
/<(code|pre|script|template)[^>]*?>[\s\S]+?<\/(code|pre|script|template)>/g,
m => m.replace(/:/g, '__colon__')
)

Change this line:

/<(code|pre|script|template)[^>]*?>[\s\S]+?<\/(code|pre|script|template)>/g,

To this:

/<(a|code|pre|script|template)[^>]*?>[\s\S]+?<\/(a|code|pre|script|template)>/g,

This fix also addresses an issue with the regex you were using in your initial PR.

src/core/render/emojify.js Outdated Show resolved Hide resolved
@socsieng
Copy link
Contributor Author

socsieng commented Jul 30, 2022

Wouldn't marking the a tags be too broad? I can imagine emojis being used in the content of a tags today.

src/core/render/emojify.js Outdated Show resolved Hide resolved
src/core/render/emojify.js Outdated Show resolved Hide resolved
Examples:

- Without explicit scheme (i.e. starting with `//`)
- In single and double quote strings
- Within unquoted HTML tag attributes
- In css `url()` values
Copy link
Member

@jhildenbiddle jhildenbiddle left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM! Thanks again, @socsieng.

@jhildenbiddle jhildenbiddle requested review from a team August 3, 2022 01:43
Copy link
Member

@sy-records sy-records left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM. Thank you!

@sy-records sy-records merged commit 3c9b3d9 into docsifyjs:develop Aug 3, 2022
@socsieng
Copy link
Contributor Author

socsieng commented Aug 3, 2022

Any ideas about when these changes will be available in npm?

@sy-records
Copy link
Member

Not sure when npm will be released.

But you can try https://github.com/sy-records/docsify-nightly

@trusktr
Copy link
Member

trusktr commented Aug 3, 2022

You can also try installing from github using npm. To install from develop:

npm install "docsify@docsifyjs/docsify#develop"

Or to install from a commit:

npm install "docsify@docsifyjs/docsify#3c9b3d9702bb05a5ff45a4ce4233e144cf1ebecb"

Or any git ref:

npm install "docsify@docsifyjs/docsify#<GIT_REF_GOES_HERE>"

which can be a tag, branch, etc.

@socsieng
Copy link
Contributor Author

socsieng commented Aug 3, 2022

Thanks. Appreciate the help.

I was more wondering what the timelines were to determine if I should wait for a formal package update or if I should use a github based version.

@jhildenbiddle
Copy link
Member

@socsieng --

I think we're close to pushing an update. There's one other PR that I'd like to see merged before we do so, but otherwise I don't think anyone would have an issue pushing a new minor or patch release (have to check history to determine which would be appropriate). I'll see if I can wrap that up today or tomorrow.

Koooooo-7 added a commit that referenced this pull request Oct 26, 2022
* fix: packages/docsify-server-renderer/package.json & packages/docsify-server-renderer/package-lock.json to reduce vulnerabilities (#1715)

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-DOCSIFY-1090577

* fix: correctly fix missing +1, -1 (#1722)

* Update LICENSE

* mention that SSR is experimental and incomplete, prevent people from using it thinking it is ready for prime time

* refactor: Update test environments and lint configuration (#1736)

* Update test environments and lint configuration

Update Jest (unit + integration) and Playwright (e2e) test environments. Includes stability improvements for e2e tests using newer, more stable methods per the Playwright docs.

- Update Jest 26 => 27
- Update Jest-related libs (babel parser)
- Update Playwright 1.8 => Playwright Test 1.18
- Update GitHub CI (action versions, job parallelization, and matrices)
- Update ESLint 5 => 8
- Update ESLint-related libs (parser, prettier, Jest, Playwright)
- Fix test failures on M1-based Macs
- Fix e2e stability issues by replacing PW $ method calls
- Fix ESLint errors
- Fix incorrect CI flag on Jest runs (-ci => --ci)
- Refactor e2e test runner from Jest to Playwright Test
- Refactor e2e test files for Playwright Test
- Refactor fix-lint script name to lint:fix for consistency
- Refactor npm scripts order for readability
- Remove unnecessary configs and libs
- Remove example image snapshots

* chore: bump node-fetch in /packages/docsify-server-renderer (#1738)

Bumps [node-fetch](https://github.com/node-fetch/node-fetch) from 2.6.6 to 2.6.7.
- [Release notes](https://github.com/node-fetch/node-fetch/releases)
- [Commits](node-fetch/node-fetch@v2.6.6...v2.6.7)

---
updated-dependencies:
- dependency-name: node-fetch
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* docs: update readme (#1740)

* fix: Coverpage when content > viewport height (#1744)

* fix: .gitignore paths
* fix: Coverpage when content > viewport height

fix #381

* chore: sync emojis (#1745)

* fix: Legacy bugs (styles, site plugin error, and dev server error) (#1743)

* Add try/catch w/ error message to plugin calls

* Update lifecycle.js

* Update lifecycle.js

* Fix docsify-plugin-carbon error

* Fix ESLint errors

* Simplify conditional JS loading

* Fix styles in legacy browser w/o CSS var support

* Fix gitignore paths

* Fix BrowserSync IE error

* Fix search field presentation in IE11

- Removed fixed height and allow element to size naturally via font-size and padding
- Remove default "x" rendered on IE input fields

* Revert "Update lifecycle.js"

This reverts commit 2a58be6.

* Revert "Update lifecycle.js"

This reverts commit 67c5410.

* Revert "Add try/catch w/ error message to plugin calls"

This reverts commit 631e924.

* Fix docsify-plugin-carbon error & ESLint errors

Co-authored-by: 沈唁 <52o@qq52o.cn>

* fix: package.json & package-lock.json to reduce vulnerabilities (#1756)

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-PRISMJS-2404333

* chore: bump follow-redirects from 1.14.7 to 1.14.9 (#1757)

Bumps [follow-redirects](https://github.com/follow-redirects/follow-redirects) from 1.14.7 to 1.14.9.
- [Release notes](https://github.com/follow-redirects/follow-redirects/releases)
- [Commits](follow-redirects/follow-redirects@v1.14.7...v1.14.9)

---
updated-dependencies:
- dependency-name: follow-redirects
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* chore: bump prismjs in /packages/docsify-server-renderer (#1760)

Bumps [prismjs](https://github.com/PrismJS/prism) from 1.26.0 to 1.27.0.
- [Release notes](https://github.com/PrismJS/prism/releases)
- [Changelog](https://github.com/PrismJS/prism/blob/master/CHANGELOG.md)
- [Commits](PrismJS/prism@v1.26.0...v1.27.0)

---
updated-dependencies:
- dependency-name: prismjs
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* feat: Native emoji w/ image-based fallbacks and improved parsing (#1746)

* Render native emoji with image fallback

Fix #779

* Deprecate emoji plugin

* Add emoji tests

* Remove console.log statement

* Fix emoji image alt attribute

* Set nativeEmoji to false by default (non-breaking)

* Fix parsing emoji in HTML comments and script tags

* Add nativeEmoji and update noEmoji details

* Add Emoji plugin deprecation notice

* Fix ESLint issues

* Create build:emoji task

- Auto-generate emoji data from GitHub API
- Auto-generate emoji markdown for website
- Add emoji page to navigation

* Fix rendering of GitHub emoji without unicode

* Adjust and match size of native and image emoji

* Update emoji test snapshot

* Update docs test snapshot

* Fix ci/codesandbox error

* Update native emoji font-stack

* Fix rendering of native multi-character emoji

* Kick GitHub Workflow

* Replace rollup’s uglify plugin with terser

* Switch “npm ci” instead of “npm i” for stability

* Change emoji data from default to named export

* Revert "Replace rollup’s uglify plugin with terser"

This reverts commit 7ba8513.

* Revert "Switch “npm ci” instead of “npm i” for stability"

This reverts commit d52b476.

* Revert "Change emoji data from default to named export"

This reverts commit 3f2dd46.

* Specify codesandbox template and node version

* Update codesandbox config

* Revert "Revert "Replace rollup’s uglify plugin with terser""

This reverts commit e06fed4.

* Revert "Revert "Revert "Replace rollup’s uglify plugin with terser"""

This reverts commit 27d4952.

* Update codesandbox config

* Revert "Update codesandbox config"

This reverts commit 5120dd2.

* Fix codesandbox uglify error

* Emoji docs tweaks

* Restore and update emoji plugin code

* Restore and update emoji plugin docs

* Prettier updates

* Match lowercase shortcodes only

Co-authored-by: Koy Zhuang <369491420@qq.com>

* feat: Emoji build (#1766)

* Fix incorrect file name

* Improve build

- Display emoji API URL
- Display number of emoji entries retrieved from API
- Distinguish between creating and updating files
- Catch and display errors (gracefully fail for offline work)
- Add “DO NOT EDIT” comment to generated output

* Add emoji to automated build

* Remove emoji plugin from dev index.html

* chore: Remove dompurify (#1490)

* chore: update develop branch preview link (#1772)

* feat: Plugin error handling (#1742)

* Fix: ready/doneEach order with async afterEach (#1770)

* docs: Update configuration options (#1773)

* docs: Minor fixes to plugin docs (#1774)

* chore: update vercel link (#1775)

* chore: update vercel link

* chore: update vercel logo (#1776)

* chore: update vercel logo

* chore: update vercel logo

* chore: remove vercel link form github pages

* chore: update style

* chore: update readme

* chore: update readme

* chore: update readme

* chore: Update CONTRIBUTING.md (#1782)

Update URL of "How to Contribute to an Open Source Project on GitHub" link. The old one send the user to a 404 page where egghead suggest the new and correct URL. So, this change send the user direct to the correct URL.

* chore: bump minimist from 1.2.5 to 1.2.6 (#1787)

Bumps [minimist](https://github.com/substack/minimist) from 1.2.5 to 1.2.6.
- [Release notes](https://github.com/substack/minimist/releases)
- [Commits](https://github.com/substack/minimist/compare/1.2.5...1.2.6)

---
updated-dependencies:
- dependency-name: minimist
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Virtual Routes Support (#1799)

* add first test

* new VirtualRoutes mixin that handles routes. fetch tries to use VirtualRoutes. default config updated

* cover all basic use cases

* regex matching in routes

* covered all virtual routes tests

* added hack to fix config test on firefox

* removed formatting regex matches into string routes

* added support for "next" function

* added docs

* navigate now supports both hash and history routerModes

* waiting for networkidle in navigateToRoute helper

* promiseless implementation

* remove firefox workaround from catchPluginErrors test, since we no longer use promises

* updated docs

* updated docs for "alias" as well

* minor rephrasing

* removed non-legacy code from exact-match; updated navigateToRoute helper to infer router mode from page

* moved endsWith from router utils to general utils; added startsWith util; refactored makeExactMatcher to use both

* updated docs per feedback

* moved navigateToRoute helper into the virtual-routes test file

* moved navigateToRoute to top of file

* updated docs per pr comments

* docs: update the name for "Simplified Chinese" (#1811)

* update the name for "Simplified Chinese"

* update the name for "Simplified Chinese"

* update the name for "Simplified Chinese"

* fix: cornerExternalLinkTarget config. (#1814)

* Improve README.md sentence (#1817)

* chore: bump jpeg-js from 0.4.3 to 0.4.4 (#1820)

Bumps [jpeg-js](https://github.com/eugeneware/jpeg-js) from 0.4.3 to 0.4.4.
- [Release notes](https://github.com/eugeneware/jpeg-js/releases)
- [Commits](jpeg-js/jpeg-js@v0.4.3...v0.4.4)

---
updated-dependencies:
- dependency-name: jpeg-js
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* chore: bump parse-url from 6.0.0 to 6.0.2 (#1833)

Bumps [parse-url](https://github.com/IonicaBizau/parse-url) from 6.0.0 to 6.0.2.
- [Release notes](https://github.com/IonicaBizau/parse-url/releases)
- [Commits](https://github.com/IonicaBizau/parse-url/commits)

---
updated-dependencies:
- dependency-name: parse-url
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Docs: Fix plugin insertion order in docs (#1850)

* fix: Ignore emoji shorthand codes in URIs (#1847)

* fix: Ignore emoji shorthand codes in URIs

Fixes: #1823

* test: Add test for emoji in anchor body

* fix: Handle support for URIs used in additional contexts

Examples:

- Without explicit scheme (i.e. starting with `//`)
- In single and double quote strings
- Within unquoted HTML tag attributes
- In css `url()` values

Co-authored-by: John Hildenbiddle <jhildenbiddle@users.noreply.github.com>

* fix: fix docsify-ignore in seach title. (#1872)

* fix: fix search with no content. (#1878)

* docs: Update GitHub default branch from to 'main' (#1883)

* chore: upgrade caniuse-lit. (#1879)

* chore: bump trim-newlines and lerna (#1895)

Bumps [trim-newlines](https://github.com/sindresorhus/trim-newlines) and [lerna](https://github.com/lerna/lerna/tree/HEAD/core/lerna). These dependencies needed to be updated together.

Updates `trim-newlines` from 1.0.0 to 3.0.1
- [Release notes](https://github.com/sindresorhus/trim-newlines/releases)
- [Commits](https://github.com/sindresorhus/trim-newlines/commits)

Updates `lerna` from 3.22.1 to 5.5.1
- [Release notes](https://github.com/lerna/lerna/releases)
- [Changelog](https://github.com/lerna/lerna/blob/main/core/lerna/CHANGELOG.md)
- [Commits](https://github.com/lerna/lerna/commits/v5.5.1/core/lerna)

---
updated-dependencies:
- dependency-name: trim-newlines
  dependency-type: indirect
- dependency-name: lerna
  dependency-type: direct:development
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* fix: filter null node first. (#1909)

* [build]: 4.12.3

* [build] 4.12.4

* chore: add changelog 4.12.4

* update: update dependencies.

* fix: fix test.

* fix: upgrade dependencies.

* [build] 4.13.0

* chore: add changelog 4.13.0

* chore: add changelog v4.13.0

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: Snyk bot <snyk-bot@snyk.io>
Co-authored-by: ChoKaPeek <ChoKaPeek@users.noreply.github.com>
Co-authored-by: Joe Pea <joe@trusktr.io>
Co-authored-by: John Hildenbiddle <jhildenbiddle@users.noreply.github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: 沈唁 <52o@qq52o.cn>
Co-authored-by: Bernal I. Hernández <102492790+bernalherndz@users.noreply.github.com>
Co-authored-by: Roy Sommer <illBeRoy@users.noreply.github.com>
Co-authored-by: Xavi Lee <awxiaoxian2020@163.com>
Co-authored-by: Shaun Bharat <79479981+shaunbharat@users.noreply.github.com>
Co-authored-by: Soc Sieng <socsieng@users.noreply.github.com>
Co-authored-by: Mike Mwanje <mwanjemike767@gmail.com>
@Koooooo-7 Koooooo-7 mentioned this pull request Oct 26, 2022
Koooooo-7 pushed a commit that referenced this pull request Oct 26, 2022
* fix: Ignore emoji shorthand codes in URIs

Fixes: #1823

* test: Add test for emoji in anchor body

* fix: Handle support for URIs used in additional contexts

Examples:

- Without explicit scheme (i.e. starting with `//`)
- In single and double quote strings
- Within unquoted HTML tag attributes
- In css `url()` values

Co-authored-by: John Hildenbiddle <jhildenbiddle@users.noreply.github.com>
Koooooo-7 added a commit that referenced this pull request Oct 26, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
4 participants