apunkt/rowboat
1
0
Fork 0
mirror of https://github.com/rowboatlabs/rowboat.git synced 2026-04-27 01:16:23 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions

Iframe (#502)

Browse source 
Added iframe block
This commit is contained in:
arkml 2026-04-18 12:10:40 +05:30 committed by GitHub
parent 1f58c1f6cb
commit acc655172d
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
8 changed files with 1642 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

25
apps/x/packages/shared/src/blocks.ts
View file

@ -1,5 +1,18 @@
import { z } from 'zod';
const IFRAME_LOCAL_HOSTS = new Set(['localhost', '127.0.0.1', '[::1]']);
export function isAllowedIframeUrl(url: string): boolean {
try {
const parsed = new URL(url);
if (parsed.protocol === 'https:') return true;
if (parsed.protocol !== 'http:') return false;
return IFRAME_LOCAL_HOSTS.has(parsed.hostname.toLowerCase());
} catch {
return false;
}
}
export const ImageBlockSchema = z.object({
src: z.string(),
alt: z.string().optional(),
@ -16,6 +29,18 @@ export const EmbedBlockSchema = z.object({
export type EmbedBlock = z.infer<typeof EmbedBlockSchema>;
export const IframeBlockSchema = z.object({
url: z.string().url().refine(isAllowedIframeUrl, {
message: 'Iframe URLs must use https:// or local http://localhost / 127.0.0.1.',
}),
title: z.string().optional(),
caption: z.string().optional(),
height: z.number().int().min(240).max(1600).optional(),
allow: z.string().optional(),
});
export type IframeBlock = z.infer<typeof IframeBlockSchema>;
export const ChartBlockSchema = z.object({
chart: z.enum(['line', 'bar', 'pie']),
title: z.string().optional(),