fix: parse embeddable srcdoc urls strictly (#7884)

2025-11-30 17:44:30 +01:00 · 2024-04-12 20:51:17 +02:00
parent 4689a6b300
commit afcde542f9
2 changed files with 26 additions and 10 deletions
--- a/packages/excalidraw/data/url.ts
+++ b/packages/excalidraw/data/url.ts
@@ -1,11 +1,15 @@
 import { sanitizeUrl } from "@braintree/sanitize-url";

+export const sanitizeHTMLAttribute = (html: string) => {
+  return html.replace(/"/g, "&quot;");
+};
+
 export const normalizeLink = (link: string) => {
  link = link.trim();
  if (!link) {
    return link;
  }
-  return sanitizeUrl(link);
+  return sanitizeUrl(sanitizeHTMLAttribute(link));
 };

 export const isLocalLink = (link: string | null) => {