Bump xss from 1.0.9 to 1.0.14 (#15115)

* Bump xss from 1.0.9 to 1.0.14 Bumps [xss](https://github.com/leizongmin/js-xss) from 1.0.9 to 1.0.14. - [Release notes](https://github.com/leizongmin/js-xss/releases) - [Changelog](https://github.com/leizongmin/js-xss/blob/master/CHANGELOG.md) - [Commits](https://github.com/leizongmin/js-xss/compare/v1.0.9...v1.0.14) --- updated-dependencies: - dependency-name: xss dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> * Use whitelist type from package Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Steve Repsher <steverep@users.noreply.github.com>
2025-07-25 18:26:35 +00:00 · 2023-01-16 07:24:21 +00:00 · 2023-01-16 07:24:21 +00:00 · e206e86fb3
commit e206e86fb3
parent 21f3eb9103
3 changed files with 11 additions and 15 deletions
--- a/package.json
+++ b/package.json
@ -143,7 +143,7 @@
    "workbox-precaching": "^6.5.4",
    "workbox-routing": "^6.5.4",
    "workbox-strategies": "^6.5.4",
-    "xss": "^1.0.9"
+    "xss": "^1.0.14"
  },
  "devDependencies": {
    "@babel/core": "^7.20.2",
--- a/src/resources/markdown_worker.ts
+++ b/src/resources/markdown_worker.ts
@ -2,14 +2,10 @@
 import { expose } from "comlink";
 import { marked } from "marked";
 import "proxy-polyfill";
-import { filterXSS, getDefaultWhiteList } from "xss";
+import { filterXSS, getDefaultWhiteList, IWhiteList } from "xss";
-interface WhiteList {
+let whiteListNormal: IWhiteList | undefined;
-  [tag: string]: string[];
+let whiteListSvg: IWhiteList | undefined;
 }
 let whiteListNormal: WhiteList | undefined;
 let whiteListSvg: WhiteList | undefined;
 // Override the default `onTagAttr` behavior to only render
 // our markdown checkboxes.
@ -43,7 +39,7 @@ const renderMarkdown = (
 ): string => {
  if (!whiteListNormal) {
    whiteListNormal = {
-      ...(getDefaultWhiteList() as WhiteList),
+      ...getDefaultWhiteList(),
      input: ["type", "disabled", "checked"],
      "ha-icon": ["icon"],
      "ha-svg-icon": ["path"],
@ -51,7 +47,7 @@ const renderMarkdown = (
    };
  }
-  let whiteList: WhiteList | undefined;
+  let whiteList: IWhiteList | undefined;
  if (hassOptions.allowSvg) {
    if (!whiteListSvg) {
--- a/yarn.lock
+++ b/yarn.lock
@ -9475,7 +9475,7 @@ fsevents@^1.2.7:
    workbox-precaching: ^6.5.4
    workbox-routing: ^6.5.4
    workbox-strategies: ^6.5.4
-    xss: ^1.0.9
+    xss: ^1.0.14
  languageName: unknown
  linkType: soft
@ -16608,15 +16608,15 @@ typescript@^3.8.3:
  languageName: node
  linkType: hard
-"xss@npm:^1.0.9":
+"xss@npm:^1.0.14":
-  version: 1.0.9
+  version: 1.0.14
-  resolution: "xss@npm:1.0.9"
+  resolution: "xss@npm:1.0.14"
  dependencies:
    commander: ^2.20.3
    cssfilter: 0.0.10
  bin:
    xss: bin/xss
-  checksum: fdb5e60e51be4edd3a694f92a910f3cd55e3d4746fcf53133863e4d40572c9b4ab1ce8e0011645c776c61f86c5a2ff9fc3e02554766e987bc0bf27d16cd3b407
+  checksum: 77c6a60a5f96490098ef837c3b49321c0f31963f323c748cb0a01bc02fc6e465a6accbe4c54cad62f8d6ffe647d984be173879433af861883f6213d9416d3f53
  languageName: node
  linkType: hard