migrate google-caja to npm and apply patch

RRosio · RRosio · commit f5bbb111c11e · 2025-08-12T17:14:56.000-07:00
diff --git a/package.json b/package.json
@@ -34,7 +34,7 @@
     "watch:css": "onchange 'nbclassic/static/**/*.less' -- npm run build:css",
     "watch:js": "onchange 'nbclassic/static/**/!(*.min).js' 'bower.json' -- npm run build:js",
     "watch": "npm-run-all --parallel watch:*",
-    "postinstall": "node postinstall.js"
+    "postinstall": "node postinstall.js && npx patch-package google-caja-sanitizer"
   },
   "devDependencies": {
     "@babel/core": "^7.15.0",
@@ -63,7 +63,7 @@
     "mathjax": "^2.7.4",
     "codemirror": "~5.58.2",
     "es6-promise": "~1.0",
-    "@bower_components/google-caja": "https://github.com/minrk/google-caja-bower/archive/refs/tags/5669.0.0.tar.gz",
+    "google-caja-sanitizer": "~1.0.4",
     "jed": "~1.1.1",
     "jquery": "~3.7.1",
     "jquery-typeahead": "~2.11.1",
diff --git a/patches/google-caja-sanitizer+1.0.4.patch b/patches/google-caja-sanitizer+1.0.4.patch
@@ -0,0 +1,34 @@
+diff --git a/node_modules/google-caja-sanitizer/sanitizer.js b/node_modules/google-caja-sanitizer/sanitizer.js
+index bf8ff98..43e8173 100644
+--- a/node_modules/google-caja-sanitizer/sanitizer.js
++++ b/node_modules/google-caja-sanitizer/sanitizer.js
+@@ -4919,16 +4919,16 @@ var html = (function(html4) {
+ })(html4);
+
+
+-exports.escapeAttrib = html.escapeAttrib;
+-exports.makeHtmlSanitizer = html.makeHtmlSanitizer;
+-exports.makeSaxParser = html.makeSaxParser;
+-exports.makeTagPolicy = html.makeTagPolicy;
+-exports.normalizeRCData = html.normalizeRCData;
+-exports.sanitize = html.sanitize;
+-exports.smartSanitize = function (string, urlX, idX) {
+-  string = string.replace(/<([a-zA-Z]+)([^>]*)\/>/g, '<$1$2></$1>');
+-  return html.sanitize(string, urlX, idX);
+-}
+-exports.sanitizeAttribs = html.sanitizeAttribs;
+-exports.sanitizeWithPolicy = html.sanitizeWithPolicy;
+-exports.unescapeEntities = html.unescapeEntities;
++// exports.escapeAttrib = html.escapeAttrib;
++// exports.makeHtmlSanitizer = html.makeHtmlSanitizer;
++// exports.makeSaxParser = html.makeSaxParser;
++// exports.makeTagPolicy = html.makeTagPolicy;
++// exports.normalizeRCData = html.normalizeRCData;
++// exports.sanitize = html.sanitize;
++// exports.smartSanitize = function (string, urlX, idX) {
++//   string = string.replace(/<([a-zA-Z]+)([^>]*)\/>/g, '<$1$2></$1>');
++//   return html.sanitize(string, urlX, idX);
++// }
++// exports.sanitizeAttribs = html.sanitizeAttribs;
++// exports.sanitizeWithPolicy = html.sanitizeWithPolicy;
++// exports.unescapeEntities = html.unescapeEntities;
diff --git a/postinstall.js b/postinstall.js
@@ -39,87 +39,12 @@ function ensureSymlink(sourcePath, targetPath) {
   }
 }
 
-//  Symlink bower_components
-ensureSymlink("node_modules/@bower_components", "nbclassic/static/components");
-
 // Symlink other static assets no longer in bower_components
 ensureSymlink(
-  "node_modules/marked",
-  "nbclassic/static/components/marked"
-);
-ensureSymlink(
-  "node_modules/font-awesome",
-  "nbclassic/static/components/font-awesome"
-);
-ensureSymlink(
-  "node_modules/backbone",
-  "nbclassic/static/components/backbone"
-);
-ensureSymlink(
-  "node_modules/bootstrap",
-  "nbclassic/static/components/bootstrap"
-);
-ensureSymlink(
-  "node_modules/bootstrap-tour",
-  "nbclassic/static/components/bootstrap-tour"
-);
-ensureSymlink(
-  "node_modules/jed",
-  "nbclassic/static/components/jed"
-);
-ensureSymlink(
-  "node_modules/moment",
-  "nbclassic/static/components/moment"
-);
-ensureSymlink(
-  "node_modules/text-encoding",
-  "nbclassic/static/components/text-encoding"
-);
-ensureSymlink(
-  "node_modules/underscore",
-  "nbclassic/static/components/underscore"
-);
-ensureSymlink(
-  "node_modules/jquery",
-  "nbclassic/static/components/jquery"
-);
-ensureSymlink(
-  "node_modules/jquery-ui",
-  "nbclassic/static/components/jquery-ui"
-);
-ensureSymlink(
-  "node_modules/jquery-typeahead",
-  "nbclassic/static/components/jquery-typeahead"
+  "node_modules",
+  "nbclassic/static/components"
 );
 ensureSymlink(
   "node_modules/mathjax",
   "nbclassic/static/components/MathJax"
 );
-ensureSymlink(
-  "node_modules/codemirror",
-  "nbclassic/static/components/codemirror"
- );
-ensureSymlink(
-  "node_modules/react",
-  "nbclassic/static/components/react"
-);
-ensureSymlink(
-  "node_modules/react-dom",
-  "nbclassic/static/components/react-dom"
-);
-ensureSymlink(
-  "node_modules/es6-promise",
-  "nbclassic/static/components/es6-promise"
-);
-ensureSymlink(
-  "node_modules/requirejs",
-  "nbclassic/static/components/requirejs"
-);
-ensureSymlink(
-  "node_modules/requirejs-plugins",
-  "nbclassic/static/components/requirejs-plugins"
-);
-ensureSymlink(
-  "node_modules/requirejs-text",
-  "nbclassic/static/components/requirejs-text"
-);
diff --git a/pyproject.toml b/pyproject.toml
@@ -129,7 +129,7 @@ artifacts = [
 "nbclassic/static/components/bootstrap-tour/build/js/bootstrap-tour.min.js" = "nbclassic/static/components/bootstrap-tour/build/js/bootstrap-tour.min.js"
 "nbclassic/static/components/bootstrap/dist/js/bootstrap.min.js" = "nbclassic/static/components/bootstrap/dist/js/bootstrap.min.js"
 "nbclassic/static/components/create-react-class/index.js" = "nbclassic/static/components/create-react-class/index.js"
-"nbclassic/static/components/google-caja/html-css-sanitizer-minified.js" = "nbclassic/static/components/google-caja/html-css-sanitizer-minified.js"
+"nbclassic/static/components/google-caja-sanitizer/sanitizer.js" = "nbclassic/static/components/google-caja-sanitizer/sanitizer.js"
 "nbclassic/static/components/jed/jed.js" = "nbclassic/static/components/jed/jed.js"
 "nbclassic/static/components/jquery/dist/jquery.min.js" = "nbclassic/static/components/jquery/dist/jquery.min.js"
 "nbclassic/static/components/jquery-typeahead/dist/jquery.typeahead.min.js" = "nbclassic/static/components/jquery-typeahead/dist/jquery.typeahead.min.js"
diff --git a/tools/security_deprecated.js b/tools/security_deprecated.js
@@ -3,7 +3,7 @@
 
 define([
     'jquery',
-    'components/google-caja/html-css-sanitizer-minified',
+    'components/google-caja-sanitizer/sanitizer',
 ], function($, sanitize) {
     "use strict";
 
diff --git a/yarn.lock b/yarn.lock
@@ -841,10 +841,6 @@
     classnames "^2.2"
     tslib "~2.3.1"
 
-"@bower_components/google-caja@https://github.com/minrk/google-caja-bower/archive/refs/tags/5669.0.0.tar.gz":
-  version "0.0.0"
-  resolved "https://github.com/minrk/google-caja-bower/archive/refs/tags/5669.0.0.tar.gz#6830582db17ef8087e38d3aa9703966fb9a86278"
-
 "@discoveryjs/json-ext@^0.5.0":
   version "0.5.7"
   resolved "https://registry.yarnpkg.com/@discoveryjs/json-ext/-/json-ext-0.5.7.tgz#1d572bfbbe14b7704e0ba0f39b74815b84870d70"
@@ -2077,6 +2073,11 @@ globals@^11.1.0:
   resolved "https://registry.yarnpkg.com/globals/-/globals-11.12.0.tgz#ab8795338868a0babd8525758018c2a7eb95c42e"
   integrity sha512-WOBp/EEGUiIsJSp7wcv/y6MO+lV9UoncWqxuFfm8eBwzWNgyfBd6Gz+IeKQ9jCmyhoH99g15M3T+QaVHFjizVA==
 
+google-caja-sanitizer@~1.0.4:
+  version "1.0.4"
+  resolved "https://registry.yarnpkg.com/google-caja-sanitizer/-/google-caja-sanitizer-1.0.4.tgz#614cf2c3d2e5e83ea961ab98d79318c03d8682e5"
+  integrity sha512-KEqGmAIbxvEZy4nPLpVoAlxQhEoq4H/0WMEQsEXlxjP+OxCT9nDYQi7Z7PVanwb77Jc+OJ9SoBQ6zw2OnmCvLw==
+
 gopd@^1.0.1, gopd@^1.2.0:
   version "1.2.0"
   resolved "https://registry.yarnpkg.com/gopd/-/gopd-1.2.0.tgz#89f56b8217bdbc8802bd299df6d7f1081d7e51a1"
