Actualizacion de seguridad

2024-07-13 00:27:32 -05:00
parent 90f05f7ad0
commit fa92efc258
186 changed files with 75113 additions and 17648 deletions
--- a/node_modules/telegraf/markup.js
+++ b/node_modules/telegraf/markup.js
@@ -9,6 +9,11 @@ class Markup {
    return this
  }

+  inputFieldPlaceholder (placeholder) {
+    this.input_field_placeholder = placeholder
+    return this
+  }
+
  selective (value = true) {
    this.selective = value
    return this
@@ -59,6 +64,10 @@ class Markup {
    return Markup.locationRequestButton(text, hide)
  }

+  pollRequestButton (text, type, hide) {
+    return Markup.pollRequestButton(text, type, hide)
+  }
+
  urlButton (text, url, hide) {
    return Markup.urlButton(text, url, hide)
  }
@@ -107,6 +116,10 @@ class Markup {
    return new Markup().resize(value)
  }

+  static inputFieldPlaceholder (placeholder) {
+    return new Markup().inputFieldPlaceholder(placeholder)
+  }
+
  static selective (value = true) {
    return new Markup().selective(value)
  }
@@ -164,18 +177,105 @@ class Markup {
  }

  static formatHTML (text = '', entities = []) {
-    const chars = ['', ...text.split(''), ''].map(escapeHTMLChar)
-    entities.forEach(entity => {
-      const tag = getHTMLTag(entity)
-      const openPos = entity.offset
-      const closePos = entity.offset + entity.length + 1
-      chars[openPos] += tag.open
-      chars[closePos] = tag.close + chars[closePos]
-    })
-    return chars.join('')
+    const available = [...entities]
+    const opened = []
+    const result = []
+    for (let offset = 0; offset < text.length; offset++) {
+      while (true) {
+        const index = available.findIndex((entity) => entity.offset === offset)
+        if (index === -1) {
+          break
+        }
+        const entity = available[index]
+        switch (entity.type) {
+          case 'bold':
+            result.push('<b>')
+            break
+          case 'italic':
+            result.push('<i>')
+            break
+          case 'code':
+            result.push('<code>')
+            break
+          case 'pre':
+            if (entity.language) {
+              result.push(`<pre><code class="language-${entity.language}">`)
+            } else {
+              result.push('<pre>')
+            }
+            break
+          case 'strikethrough':
+            result.push('<s>')
+            break
+          case 'underline':
+            result.push('<u>')
+            break
+          case 'text_mention':
+            result.push(`<a href="tg://user?id=${entity.user.id}">`)
+            break
+          case 'text_link':
+            result.push(`<a href="${entity.url}">`)
+            break
+        }
+        opened.unshift(entity)
+        available.splice(index, 1)
+      }
+
+      result.push(escapeHTML(text[offset]))
+
+      while (true) {
+        const index = opened.findIndex((entity) => entity.offset + entity.length - 1 === offset)
+        if (index === -1) {
+          break
+        }
+        const entity = opened[index]
+        switch (entity.type) {
+          case 'bold':
+            result.push('</b>')
+            break
+          case 'italic':
+            result.push('</i>')
+            break
+          case 'code':
+            result.push('</code>')
+            break
+          case 'pre':
+            if (entity.language) {
+              result.push('</code></pre>')
+            } else {
+              result.push('</pre>')
+            }
+            break
+          case 'strikethrough':
+            result.push('</s>')
+            break
+          case 'underline':
+            result.push('</u>')
+            break
+          case 'text_mention':
+          case 'text_link':
+            result.push('</a>')
+            break
+        }
+        opened.splice(index, 1)
+      }
+    }
+    return result.join('')
  }
 }

+const escapedChars = {
+  '"': '&quot;',
+  '&': '&amp;',
+  '<': '&lt;',
+  '>': '&gt;'
+}
+
+function escapeHTML (string) {
+  const chars = [...string]
+  return chars.map(char => escapedChars[char] || char).join('')
+}
+
 function buildKeyboard (buttons, options) {
  const result = []
  if (!Array.isArray(buttons)) {
@@ -203,40 +303,4 @@ function buildKeyboard (buttons, options) {
  return result
 }

-function escapeHTMLChar (c) {
-  switch (c) {
-    case '&': return '&amp;'
-    case '"': return '&quot;'
-    case '\'': return '&#39;'
-    case '<': return '&lt;'
-    default : return c
-  }
-}
-
-function tag (name, params) {
-  return {
-    open: params
-      ? `<${name} ${Object.entries(params).map(([key, value]) => `${key}="${value.replace(/[<&"]/g, escapeHTMLChar)}"`).join(' ')}>`
-      : `<${name}>`,
-    close: `</${name}>`
-  }
-}
-
-const HTMLTags = new Map([
-  ['bold', tag('b')],
-  ['italic', tag('i')],
-  ['code', tag('code')],
-  ['pre', tag('pre')],
-  ['strikethrough', tag('s')],
-  ['underline', tag('u')],
-  ['text_link', ({ url }) => tag('a', { href: url })],
-  ['text_mention', ({ user }) => tag('a', { href: `tg://user?id=${user.id}` })]
-])
-
-function getHTMLTag (entity) {
-  const tag = HTMLTags.get(entity.type || 'unknown')
-  if (!tag) return { open: '', close: '' }
-  return typeof tag === 'function' ? tag(entity) : tag
-}
-
 module.exports = Markup