yuuza/outline
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

fix: Add stricter validation around image file type uploads (#3324)

Browse Source 
* fix: Add stricter validation around image file type uploads

* revert backend restrictions, we want to allow unsupported images as file attachments
This commit is contained in:
Tom Moor
2022-04-01 19:26:27 -07:00
committed by GitHub
parent aa05b483fd
commit fde053ebc8
3 changed files with 22 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
app/editor/components/CommandMenu.tsx
View File

@@ -10,6 +10,7 @@ import insertFiles from "@shared/editor/commands/insertFiles";
import { CommandFactory } from "@shared/editor/lib/Extension"; import { CommandFactory } from "@shared/editor/lib/Extension";
import filterExcessSeparators from "@shared/editor/lib/filterExcessSeparators"; import filterExcessSeparators from "@shared/editor/lib/filterExcessSeparators";
import { EmbedDescriptor, MenuItem } from "@shared/editor/types"; import { EmbedDescriptor, MenuItem } from "@shared/editor/types";
import { supportedImageMimeTypes } from "@shared/utils/files";
import getDataTransferFiles from "@shared/utils/getDataTransferFiles"; import getDataTransferFiles from "@shared/utils/getDataTransferFiles";
import { Dictionary } from "~/hooks/useDictionary"; import { Dictionary } from "~/hooks/useDictionary";
import Input from "./Input"; import Input from "./Input";
@@ -179,7 +180,7 @@ class CommandMenu<T = MenuItem> extends React.Component<Props<T>, State> {
insertItem = (item: any) => { insertItem = (item: any) => {
switch (item.name) { switch (item.name) {
case "image": case "image":
return this.triggerFilePick("image/*"); return this.triggerFilePick(supportedImageMimeTypes.join(", "));
case "attachment": case "attachment":
return this.triggerFilePick("*"); return this.triggerFilePick("*");
case "embed": case "embed":

3
shared/editor/nodes/Image.tsx
View File

@@ -11,6 +11,7 @@ import {
import * as React from "react"; import * as React from "react";
import ImageZoom from "react-medium-image-zoom"; import ImageZoom from "react-medium-image-zoom";
import styled from "styled-components"; import styled from "styled-components";
import { supportedImageMimeTypes } from "../../utils/files";
import getDataTransferFiles from "../../utils/getDataTransferFiles"; import getDataTransferFiles from "../../utils/getDataTransferFiles";
import insertFiles, { Options } from "../commands/insertFiles"; import insertFiles, { Options } from "../commands/insertFiles";
import { MarkdownSerializerState } from "../lib/markdown/serializer"; import { MarkdownSerializerState } from "../lib/markdown/serializer";
@@ -411,7 +412,7 @@ export default class Image extends Node {
// create an input element and click to trigger picker // create an input element and click to trigger picker
const inputElement = document.createElement("input"); const inputElement = document.createElement("input");
inputElement.type = "file"; inputElement.type = "file";
inputElement.accept = "image/*"; inputElement.accept = supportedImageMimeTypes.join(", ");
inputElement.onchange = (event: Event) => { inputElement.onchange = (event: Event) => {
const files = getDataTransferFiles(event); const files = getDataTransferFiles(event);
insertFiles(view, event, state.selection.from, files, { insertFiles(view, event, state.selection.from, files, {

18
shared/utils/files.ts
View File

@@ -19,3 +19,21 @@ export const bytesToHumanReadable = (bytes: number) => {
" kMGTPEZY"[out.length] " kMGTPEZY"[out.length]
}B`; }B`;
}; };
/**
* An array of image mimetypes commonly supported by modern browsers
*/
export const supportedImageMimeTypes = [
"image/jpg",
"image/jpeg",
"image/pjpeg",
"image/png",
"image/apng",
"image/avif",
"image/gif",
"image/webp",
"image/svg",
"image/svg+xml",
"image/bmp",
"image/tiff",
];