From 1a000226b07a43f20df645d5470183eb8a45dbd3 Mon Sep 17 00:00:00 2001
From: Yukai Huang
Date: Fri, 28 Feb 2020 15:46:44 +0800
Subject: [PATCH] fix: unwrap the geo div and throw error when input location search not found also fix the CSP rule that the img with data src might be violated
Signed-off-by: Yukai Huang
Co-authored-by: Max Wu
---
 lib/csp.js | 2 +-
 public/js/extra.js | 6 ++++++
 2 files changed, 7 insertions(+), 1 deletion(-)
diff --git a/lib/csp.js b/lib/csp.js
index 8d781567..3aafa03d 100644
--- a/lib/csp.js
+++ b/lib/csp.js
@@ -7,7 +7,7 @@ var defaultDirectives = {
 defaultSrc: ['\'self\''],
 scriptSrc: ['\'self\'', 'vimeo.com', 'https://gist.github.com', 'www.slideshare.net', 'https://query.yahooapis.com', '\'unsafe-eval\''],
 // ^ TODO: Remove unsafe-eval - webpack script-loader issues https://github.com/hackmdio/codimd/issues/594
- imgSrc: ['*'],
+ imgSrc: ['*', 'data:'],
 styleSrc: ['\'self\'', '\'unsafe-inline\'', 'https://github.githubassets.com'], // unsafe-inline is required for some libs, plus used in views
 fontSrc: ['\'self\'', 'data:', 'https://public.slidesharecdn.com'],
 objectSrc: ['*'], // Chrome PDF viewer treats PDFs as objects :/
diff --git a/public/js/extra.js b/public/js/extra.js
index eca85bb8..f8890e1c 100644
--- a/public/js/extra.js
+++ b/public/js/extra.js
@@ -453,10 +453,13 @@ export function finishView (view) {
 console.warn(err)
 }
 })
+ // geo map
 view.find('div.geo.raw').removeClass('raw').each(async function (key, value) {
 const $elem = $(value).parent().parent()
 const $value = $(value)
 const content = $value.text()
+ $value.unwrap()
+
 try {
 let position, zoom
 if (content.match(/^[\d.,\s]+$/)) {
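Review bot: In lib/csp.js, the widened `imgSrc` line is the only relaxed directive in this hunk without a trailing comment saying why, and the reason is not obvious: in CSP the `*` wildcard does not match scheme sources such as `data:`, so the scheme has to be listed separately. I would record that on the line, e.g. `imgSrc: ['*', 'data:'], // '*' does not cover the data: scheme; needed for images with a data: src`. It is also worth stating there that `data:` is meant for images only, so the entry is not later copied into `scriptSrc` or `objectSrc`, where it would weaken the policy far more. The `defaultDirectives` object starts before and continues after the hunk.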
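Review bot: In public/js/extra.js (hunk at -453), the added `$value.unwrap()` makes the statement order significant and nothing in the code says so. `$elem` is looked up as `$(value).parent().parent()` before the wrapper is removed, so after the unwrap it is the direct parent of `$value`, and moving the lookup below the unwrap would select a different element. A comment above the call would cover it, e.g. `// remove the wrapper; $elem (looked up above) is now $value's direct parent`. The unwrap also sits outside the `try`, so the error handler, which lies outside this hunk, has to work with the already-unwrapped DOM; the `.each` callback continues past the hunk.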
@@ -466,6 +469,9 @@ export function finishView (view) {
 } else {
 // parse value as address
 const data = await fetch(`https://nominatim.openstreetmap.org/search?q=${encodeURIComponent(content)}&format=json`).then(r => r.json())
+ if (!data || !data.length) {
+ throw new Error('Location not found')
+ }
 const { lat, lon } = data[0]
 position = [lat, lon]
 }
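Review bot: The new guard `!data || !data.length` lets through any truthy value with a non-zero `length`, and the next line destructures `data[0]` from a response controlled by a third-party service. Checking the shape explicitly is safer: `if (!Array.isArray(data) || data.length === 0) {`. The `.then(r => r.json())` on the line above also parses the body without looking at `r.ok`, so a rate-limit or error response surfaces as a JSON parse error rather than 'Location not found'; and `lat`/`lon` go into `position` unvalidated, so a `Number.isFinite(Number(lat))` style check would be reasonable if they can reach markup later (not visible here). The enclosing `try` block starts and ends outside the hunk.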