chore: upgrade marked

frontend/package.json

@@ -43,7 +43,7 @@
     "jsdom": "25.0.1",
     "jwt-decode": "4.0.0",
     "lodash-es": "4.17.21",
-    "marked": "12.0.2",
+    "marked": "15.0.2",
     "marked-alert": "2.1.2",
     "marked-extended-tables": "1.0.10",
     "marked-linkify-it": "3.1.12",
@@ -83,12 +83,12 @@
     "@types/qs": "6.9.17",
     "@unocss/nuxt": "0.64.1",
     "eslint-import-resolver-alias": "1.1.2",
-    "eslint-plugin-oxlint": "0.13.0",
+    "eslint-plugin-oxlint": "0.13.1",
     "eslint-plugin-unicorn": "56.0.1",
     "husky": "9.1.7",
     "lint-staged": "15.2.10",
     "nuxt": "3.14.1592",
-    "oxlint": "0.13.0",
+    "oxlint": "0.13.1",
     "pnpm": "9.14.2",
     "prettier": "3.3.3",
     "regenerator-runtime": "0.14.1",

frontend/src/composables/useMarked.ts

@@ -10,7 +10,7 @@ import markedAlert from "marked-alert";
 const youtubeRegex = /(?:youtube\.com\/(?:[^\s/]+\/\S+\/|(?:v|e(?:mbed)?)\/|.*[&?]v=)|youtu\.be\/)([\w-]{11})(?:==(\d+))?/;
 const imageSizeParts = /(.*)==\s*(\d*)\s*x?\s*(\d*)\s*$/;
 
-let headings: { id: string; text: string; level: number }[] = [];
+let headings: { id: string; text?: string; level: number }[] = [];
 let slugger: GithubSlugger;
 
 const hooks = {
@@ -22,17 +22,18 @@ const hooks = {
 } satisfies Partial<Hooks>;
 
 const renderer = {
-  heading(text, level, raw) {
+  heading({ tokens, depth, raw }) {
     // https://github.com/markedjs/marked-gfm-heading-id/blob/main/src/index.js#L17
     // Licenced as MIT, copied because we want an anchor
     raw = raw
       .toLowerCase()
       .trim()
       .replaceAll(/<[!/a-z].*?>/gi, "");
     const id = `${slugger.slug(raw)}`;
-    const heading = { level, text, id };
+    const text = this.parser?.parseInline(tokens) + "DUM";
+    const heading = { level: depth, text, id };
     headings.push(heading);
-    level = level + 1;
+    const level = depth + 1;
 
     return `<h${level} id="${id}">
               ${text}
@@ -42,7 +43,7 @@ const renderer = {
               </a>
             </h${level}>`;
   },
-  image(href, title, alt) {
+  image({ href, title, text }) {
     const parts = imageSizeParts.exec(href);
     let url = href;
     let height;
@@ -65,19 +66,20 @@ const renderer = {
         if (title) res += ' title="' + title + '"';
       }
 
-      res += ">" + alt + "</iframe>";
+      res += ">" + text + "</iframe>";
       return res;
     } else {
-      let res = '<img src="' + proxyImage(url) + '" alt="' + alt + '"';
+      let res = '<img src="' + proxyImage(url) + '" alt="' + text + '"';
       if (height) res += ' height="' + height + '"';
       if (width) res += ' width="' + width + '"';
       if (title) res += ' title="' + title + '"';
       res += ">";
       return res;
     }
   },
-  link(href, title, text) {
-    return `<a href="${linkout(href)}"` + (title ? ` title="${title}">` : ">") + text + "</a>";
+  link({ href, title, tokens }) {
+    console.log("link", href, title, tokens, linkout(href));
+    return `<a href="${linkout(href)}"` + (title ? ` title="${title}">` : ">") + this.parser?.parseInline(tokens) + "DUM</a>";
   },
 } satisfies Partial<Renderer>;
 marked.use({ hooks, renderer });

frontend/src/composables/useUrlHelper.ts

@@ -9,24 +9,31 @@ const isSafeHost = (host: string) => {
 };
 
 const isSafe = (urlString: string) => {
+  console.log("safe?", urlString, useBackendData.security.safeDownloadHosts);
   if (!urlString) {
+    console.log("1");
     return false;
   }
   if (urlString.startsWith("#") || urlString.startsWith("/")) {
+    console.log("2");
     return true;
   }
   try {
     const url = new URL(urlString);
     const host = url.hostname;
     if (url.protocol?.startsWith("mailto")) {
+      console.log("3");
       return true;
     } else if (!host || isSafeHost(host)) {
+      console.log("4");
       return true;
     }
   } catch {
+    console.log("5");
     return false;
   }
 
+  console.log("6");
   return false;
 };