From e206e86fb3ee8feb8d41bae290174365014608c0 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 16 Jan 2023 07:24:21 +0000
Subject: [PATCH] Bump xss from 1.0.9 to 1.0.14 (#15115)
* Bump xss from 1.0.9 to 1.0.14
Bumps [xss](https://github.com/leizongmin/js-xss) from 1.0.9 to 1.0.14.
- [Release notes](https://github.com/leizongmin/js-xss/releases)
- [Changelog](https://github.com/leizongmin/js-xss/blob/master/CHANGELOG.md)
- [Commits](https://github.com/leizongmin/js-xss/compare/v1.0.9...v1.0.14)
---
updated-dependencies:
- dependency-name: xss
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot]
* Use whitelist type from package
Signed-off-by: dependabot[bot]
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Steve Repsher
---
 package.json | 2 +-
 src/resources/markdown_worker.ts | 14 +++++---------
 yarn.lock | 10 +++++-----
 3 files changed, 11 insertions(+), 15 deletions(-)
diff --git a/package.json b/package.json
index 154df6a13e..3383380949 100644
--- a/package.json
+++ b/package.json
@@ -143,7 +143,7 @@
 "workbox-precaching": "^6.5.4",
 "workbox-routing": "^6.5.4",
 "workbox-strategies": "^6.5.4",
- "xss": "^1.0.9"
+ "xss": "^1.0.14"
 },
 "devDependencies": {
 "@babel/core": "^7.20.2",
diff --git a/src/resources/markdown_worker.ts b/src/resources/markdown_worker.ts
index a69bd9c02e..95c3f6cd07 100644
--- a/src/resources/markdown_worker.ts
+++ b/src/resources/markdown_worker.ts
@@ -2,14 +2,10 @@
 import { expose } from "comlink";
 import { marked } from "marked";
 import "proxy-polyfill";
-import { filterXSS, getDefaultWhiteList } from "xss";
+import { filterXSS, getDefaultWhiteList, IWhiteList } from "xss";
-interface WhiteList {
- [tag: string]: string[];
-}
-
-let whiteListNormal: WhiteList | undefined;
-let whiteListSvg: WhiteList | undefined;
+let whiteListNormal: IWhiteList | undefined;
+let whiteListSvg: IWhiteList | undefined;
 // Override the default `onTagAttr` behavior to only render
 // our markdown checkboxes.
@@ -43,7 +39,7 @@ const renderMarkdown = (
 ): string => {
 if (!whiteListNormal) {
 whiteListNormal = {
- ...(getDefaultWhiteList() as WhiteList),
+ ...getDefaultWhiteList(),
 input: ["type", "disabled", "checked"],
 "ha-icon": ["icon"],
 "ha-svg-icon": ["path"],
@@ -51,7 +47,7 @@ const renderMarkdown = (
 };
 }
- let whiteList: WhiteList | undefined;
+ let whiteList: IWhiteList | undefined;
 if (hassOptions.allowSvg) {
 if (!whiteListSvg) {
diff --git a/yarn.lock b/yarn.lock
index 9f9c02a517..0d8090ebee 100644
--- a/yarn.lock
+++ b/yarn.lock
@@ -9475,7 +9475,7 @@ fsevents@^1.2.7:
 workbox-precaching: ^6.5.4
 workbox-routing: ^6.5.4
 workbox-strategies: ^6.5.4
- xss: ^1.0.9
+ xss: ^1.0.14
 languageName: unknown
 linkType: soft
@@ -16608,15 +16608,15 @@ typescript@^3.8.3:
 languageName: node
 linkType: hard
-"xss@npm:^1.0.9":
- version: 1.0.9
- resolution: "xss@npm:1.0.9"
+"xss@npm:^1.0.14":
+ version: 1.0.14
+ resolution: "xss@npm:1.0.14"
 dependencies:
 commander: ^2.20.3
 cssfilter: 0.0.10
 bin:
 xss: bin/xss
- checksum: fdb5e60e51be4edd3a694f92a910f3cd55e3d4746fcf53133863e4d40572c9b4ab1ce8e0011645c776c61f86c5a2ff9fc3e02554766e987bc0bf27d16cd3b407
+ checksum: 77c6a60a5f96490098ef837c3b49321c0f31963f323c748cb0a01bc02fc6e465a6accbe4c54cad62f8d6ffe647d984be173879433af861883f6213d9416d3f53
 languageName: node
 linkType: hard
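Review bot: `IWhiteList` is used only as a type in the lines visible here, yet the new import in the first hunk of src/resources/markdown_worker.ts brings it in through the value import alongside `filterXSS` and `getDefaultWhiteList`. A type-only import states the intent and does not rely on the transpiler eliding an unused binding from the worker bundle: keep `import { filterXSS, getDefaultWhiteList } from "xss";` and add `import type { IWhiteList } from "xss";`. The third hunk (`let whiteList: IWhiteList | undefined;`) uses the same name and needs no further change.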
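Review bot: The sanitizer allowlist in the second hunk is built from `...getDefaultWhiteList()`, so which tags and attributes survive filtering depends on the installed xss version, and this commit moves that version from 1.0.9 to 1.0.14 with no visible check that the inherited defaults are still the intended ones. Dropping the `as WhiteList` cast is fine, but I would add a comment above the spread such as `// Base allowlist is inherited from the xss package; re-check its defaults on every xss upgrade.` If the project has tests for this worker (not visible here), pinning the expected tag list in one would catch a silent widening. `renderMarkdown` starts before and continues past this hunk, so how the allowlist reaches `filterXSS` cannot be confirmed from these lines.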