n8n/packages/editor-ui/src/utils.ts

import xss, { friendlyAttrValue } from 'xss';

export const omit = (keyToOmit: string, { [keyToOmit]: _, ...remainder }) => remainder;

export function isObjectLiteral(maybeObject: unknown): maybeObject is { [key: string]: string } {
	return typeof maybeObject === 'object' && maybeObject !== null && !Array.isArray(maybeObject);
}

export function isJsonKeyObject(item: unknown): item is {
	json: unknown;
	[otherKeys: string]: unknown;
} {
	if (!isObjectLiteral(item)) return false;

	return Object.keys(item).includes('json');
}

export function sanitizeHtml(dirtyHtml: string) {
	const allowedAttributes = ['href','name', 'target', 'title', 'class', 'id'];
	const allowedTags = ['p', 'strong', 'b', 'code', 'a', 'br', 'i', 'em', 'small' ];

	const sanitizedHtml = xss(dirtyHtml, {
		onTagAttr: (tag, name, value) => {
			if (tag === 'img' && name === 'src') {
				// Only allow http requests to supported image files from the `static` directory
				const isImageFile = value.split('#')[0].match(/\.(jpeg|jpg|gif|png|webp)$/) !== null;
				const isStaticImageFile = isImageFile && value.startsWith('/static/');
				if (!value.startsWith('https://') && !isStaticImageFile) {
					return '';
				}
			}

			// Allow `allowedAttributes` and all `data-*` attributes
			if(allowedAttributes.includes(name) || name.startsWith('data-')) return `${name}="${friendlyAttrValue(value)}"`;

			return;
			// Return nothing, means keep the default handling measure
		},
		onTag: (tag) => {
			if(!allowedTags.includes(tag)) return '';
			return;
		},
	});

	return sanitizedHtml;
}

export const isEmpty = (value?: unknown): boolean => {
	if (!value && value !== 0) return true;
	if(Array.isArray(value)){
		if(!value.length) return true;
		return value.every(isEmpty);
	}
	if (typeof value === 'object') {
		return Object.values(value).every(isEmpty);
	}
	return false;
};
feat(editor): Implement HTML sanitization for Notification and Message components (#4081) * feat(editor): Implement HTML sanitization when using `dangerouslyUseHTMLString` option of Notification and Message components * :bug: Implement mechanism to allow for A href actions from locale strings * :bug: Prevent link action default * :recycle: Use `xss` library instead of `sanitize-html` to handle sanitization * :fire: Remove `onLinkClick` functionality of `$showMessage` 2022-09-13 08:39:47 -07:00			`import xss, { friendlyAttrValue } from 'xss';`

refactor(editor): Move `nodeTypes` into store module (#3799) * :zap: Refactor `nodeTypes` into store module * :zap: Fix condition * :fire: Remove leftovers * :zap: Move `getNodeTranslationHeaders`, `getNodesInformation`, `getNodeParameterOptions` * :zap: Move leftover call * :zap: Correct excess prefix * :truck: Rename `nodeType` to `getNodeType` * :truck: Move logic to `getFullNodesProperties` * :zap: Simplify `getNodeType` * :zap: Refactor `nodeTypes` mutations * :zap: Refactor `Vue.set` call * :zap: Simplify check * :truck: Move export to bottom * :blue_book: Simplify typing * :fire: Remove unused interface * :shirt: Add `void` * :truck: Fix naming * :fire: Remove logging * :zap: Simplify `updateNodeTypes` * :truck: Move `omit` to utils * :bug: Update `rootGetters` call * :bug: Fix `allNodeTypes` call in `nativelyNumberSuffixedDefaults` * :fire: Remove unused method * :fire: Remove excess namespace Co-authored-by: Mutasem <mutdmour@gmail.com> 2022-08-01 13:43:50 -07:00			`export const omit = (keyToOmit: string, { [keyToOmit]: _, ...remainder }) => remainder;`
feat(core, editor): Support `pairedItem` for pinned data (#3843) * :blue_book: Adjust interface * :zap: Adjust pindata in state store * :sparkles: Add utils * :zap: Replace utils calls * :zap: Adjust pindata intake and display * :fire: Remove excess BE fixes * :pencil: Update comment * :test_tube: Adjust tests * :fire: Remove unneeded helper * :truck: Improve naming * :broom: Clean up `ormconfig.ts` * :blue_book: Add types and type guards * :zap: Improve serializer for sqlite * :sparkles: Create migration utils * :zap: Set up sqlite serializer * :card_file_box: Write sqlite migration * :card_file_box: Write MySQL migration * :card_file_box: Write Postgres migration * :zap: Add imports and exports to barrels * :truck: Rename `runChunked` to `runInBatches` * :zap: Improve migration loggers * :recycle: Address feedback * :truck: Improve naming 2022-08-22 08:46:22 -07:00
			`export function isObjectLiteral(maybeObject: unknown): maybeObject is { [key: string]: string } {`
			`return typeof maybeObject === 'object' && maybeObject !== null && !Array.isArray(maybeObject);`
			`}`

			`export function isJsonKeyObject(item: unknown): item is {`
			`json: unknown;`
			`[otherKeys: string]: unknown;`
			`} {`
			`if (!isObjectLiteral(item)) return false;`

			`return Object.keys(item).includes('json');`
			`}`
feat(editor): Implement HTML sanitization for Notification and Message components (#4081) * feat(editor): Implement HTML sanitization when using `dangerouslyUseHTMLString` option of Notification and Message components * :bug: Implement mechanism to allow for A href actions from locale strings * :bug: Prevent link action default * :recycle: Use `xss` library instead of `sanitize-html` to handle sanitization * :fire: Remove `onLinkClick` functionality of `$showMessage` 2022-09-13 08:39:47 -07:00
			`export function sanitizeHtml(dirtyHtml: string) {`
			`const allowedAttributes = ['href','name', 'target', 'title', 'class', 'id'];`
			`const allowedTags = ['p', 'strong', 'b', 'code', 'a', 'br', 'i', 'em', 'small' ];`

			`const sanitizedHtml = xss(dirtyHtml, {`
			`onTagAttr: (tag, name, value) => {`
			`if (tag === 'img' && name === 'src') {`
			// Only allow http requests to supported image files from the `static` directory
			`const isImageFile = value.split('#')[0].match(/\.(jpeg\|jpg\|gif\|png\|webp)$/) !== null;`
			`const isStaticImageFile = isImageFile && value.startsWith('/static/');`
			`if (!value.startsWith('https://') && !isStaticImageFile) {`
			`return '';`
			`}`
			`}`

			// Allow `allowedAttributes` and all `data-*` attributes
			if(allowedAttributes.includes(name) \|\| name.startsWith('data-')) return `${name}="${friendlyAttrValue(value)}"`;

			`return;`
			`// Return nothing, means keep the default handling measure`
			`},`
			`onTag: (tag) => {`
			`if(!allowedTags.includes(tag)) return '';`
			`return;`
			`},`
			`});`

			`return sanitizedHtml;`
			`}`
feat(editor-ui): JSON mapping (#4270) * refactor(editor-ui): update 'vue-json-pretty' and adjust component to preserve same behaviour (#4152) * fix(editor-ui): export interface to solve 'TS4082: Default export of the module has or is using private name' error temporarily * refactor(editor-ui): update 'vue-json-pretty' and adjust component to preserve same behaviour * refactor(editor-ui): move json data view into its own component (#4158) * refactor(editor-ui): move json data view into its own component * fix(editor-ui): make JSON data component work again * fix(editor-ui): JSON data component type issues * fix(editor-ui): JSON data component prop 'inputData' * refactor(editor-ui): rename helper function * fix(editor-ui): add declaration to `vue-json-pretty` component * refactor(editor-ui): JSON mapping move more logic to new component * refactor(editor-ui): some cleanup in JSON mapping component * refactor(editor-ui): changing key mapping translation * refactor(editor-ui): add basic drag'n'drop functionality to JSON view * refactor(editor-ui): moving JSON view actions into separate components * fix(editor-ui): JSON view action copy default selected path * fix(editor-ui): refactor draggable to play nicer with other (3rd party) components * fix(editor-ui): improve draggable performance * fix(editor-ui): add disable user selection class to body * fix(editor-ui): reduce click handler cognitive load in JSON view copy actions * fix(editor-ui): JSON view mapped path * fix(editor-ui): remove unnecessary wrapper around RunDataTable.vue * fix(editor-ui): respect input node distance when json parameter path is copied * fix(editor-ui): JSON mapping property highlight * fix(editor-ui): block event only on mousemove for draggable to not select content * refactor(editor-ui): fixing prop types and organising imports * fix(editor-ui): JSON view use double quotes where appropriate * fix(editor-ui): fix new package additions after merge conflict * fix(editor-ui): fix package update after merge conflict * fix(editor-ui): JSON view prop names text break * fix(editor-ui): use kebab-case name for component * fix(editor-ui): calling convertPath on draggable node path * feat(editor-ui): add mapping discoverability tooltip to mappable inputs (#4227) * refactor(editor-ui): move json data view into its own component * fix(editor-ui): make JSON data component work again * fix(editor-ui): JSON data component type issues * fix(editor-ui): JSON data component prop 'inputData' * refactor(editor-ui): rename helper function * fix(editor-ui): add declaration to `vue-json-pretty` component * refactor(editor-ui): JSON mapping move more logic to new component * refactor(editor-ui): some cleanup in JSON mapping component * refactor(editor-ui): changing key mapping translation * refactor(editor-ui): add basic drag'n'drop functionality to JSON view * refactor(editor-ui): moving JSON view actions into separate components * fix(editor-ui): JSON view action copy default selected path * fix(editor-ui): refactor draggable to play nicer with other (3rd party) components * fix(editor-ui): improve draggable performance * fix(editor-ui): add disable user selection class to body * fix(editor-ui): reduce click handler cognitive load in JSON view copy actions * fix(editor-ui): JSON view mapped path * fix(editor-ui): remove unnecessary wrapper around RunDataTable.vue * fix(editor-ui): respect input node distance when json parameter path is copied * fix(editor-ui): JSON mapping property highlight * fix(editor-ui): block event only on mousemove for draggable to not select content * refactor(editor-ui): fixing prop types and organising imports * fix(editor-ui): JSON view use double quotes where appropriate * fix(editor-ui): fix new package additions after merge conflict * fix(editor-ui): fix package update after merge conflict * fix(editor-ui): JSON view prop names text break * fix(editor-ui): update helper after merge conflict * refactor(editor-ui): cleanup RunaDataTable tooltips * refactor(editor-ui): add temporary static tooltip to input with mapping * fix(editor-ui): input mapping tooltip proper input name * fix(editor-ui): show input mapping tooltip when conditions are met * fix(editor-ui): show different input mapping tooltip for different view types (table, json) * fix(editor-ui): drop lodash isEmpty * fix(editor-ui): using and keeping only getter function * fix(editor-ui): check `INodeExecutionData[]` array emptyness (still needs some improvement) * feat(editor-ui): add telemetry calls to data mapping (#4250) * fix(editor-ui): add types package for jsonpath * fix(editor-ui): JSON view drag'n'drop telemetry call * fix(editor-ui): add data mapping tooltip close telemetry to parameter input * fix(editor-ui): execute previous node tooltip linebreak * fix(editor-ui): input data mapping tooltip show-hide logic * fix(editor-ui): input data mapping tooltip position * fix(editor-ui): using a placeholder gif in mapping discoverability tooltip * refactor(design-system): adding optional configurable buttons to tooltip (#4260) * refactor(design-system): unbreaking wrapper around element ui tooltip * fix(design-system): update test snapshot * refactor(design-system): adding buttons to tooltip * fix(design-system): update test snapshot * fix(design-system): change tooltip props and some cleanup * fix(design-system): update test snapshot * chore: fix package lock file after merge * fix(editor-ui): modifications according to Max's review (#4273) * fix(editor-ui): modifications according to Max's review * fix(editor-ui): JSON prop names should not be written bold * fix(editor-ui): use proper animated gif in JSON data mapping discoverability tooltip 2022-10-06 06:03:55 -07:00
			`export const isEmpty = (value?: unknown): boolean => {`
			`if (!value && value !== 0) return true;`
			`if(Array.isArray(value)){`
			`if(!value.length) return true;`
			`return value.every(isEmpty);`
			`}`
			`if (typeof value === 'object') {`
			`return Object.values(value).every(isEmpty);`
			`}`
			`return false;`
			`};`