From fb046359b5f1d83655fde30f85374142d576ff6c Mon Sep 17 00:00:00 2001
From: Ryosuke Igarashi <igarashi.ryosuke@classmethod.jp>
Date: Mon, 5 Feb 2024 17:18:41 +0900
Subject: [PATCH 1/2] =?UTF-8?q?fix:=20Codesandbox=20URL=20=E3=81=AB=20`+`?=
 =?UTF-8?q?=20=E3=82=92=E8=A8=B1=E5=AE=B9=E3=81=99=E3=82=8B?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 .../matchers/isCodesandboxUrl.test.ts         | 20 +++++++++++++++++++
 .../src/utils/url-matcher.ts                  |  2 +-
 2 files changed, 21 insertions(+), 1 deletion(-)
 create mode 100644 packages/zenn-markdown-html/__tests__/matchers/isCodesandboxUrl.test.ts

diff --git a/packages/zenn-markdown-html/__tests__/matchers/isCodesandboxUrl.test.ts b/packages/zenn-markdown-html/__tests__/matchers/isCodesandboxUrl.test.ts
new file mode 100644
index 00000000..c7ea6708
--- /dev/null
+++ b/packages/zenn-markdown-html/__tests__/matchers/isCodesandboxUrl.test.ts
@@ -0,0 +1,20 @@
+import { describe, test, expect } from 'vitest';
+import { isCodesandboxUrl } from '../../src/utils/url-matcher';
+
+describe('isCodesandboxUrlのテスト', () => {
+  describe('Trueを返す場合', () => {
+    test('Codesandboxの埋め込みURL', () => {
+      const url =
+        'https://codesandbox.io/embed/new?view=Editor+%2B+Preview';
+
+      expect(isCodesandboxUrl(url)).toBe(true);
+    });
+  });
+
+  describe('Falseを返す場合', () => {
+    test('XSSを含んでいる', () => {
+      const url = `https://codesandbox.io/embed/new?view=Editor+%2B+Preview"></iframe><img src onerror=alert(document.domain)>/`;
+      expect(isCodesandboxUrl(url)).toBe(false);
+    });
+  });
+});
diff --git a/packages/zenn-markdown-html/src/utils/url-matcher.ts b/packages/zenn-markdown-html/src/utils/url-matcher.ts
index ebc12421..73ac988d 100644
--- a/packages/zenn-markdown-html/src/utils/url-matcher.ts
+++ b/packages/zenn-markdown-html/src/utils/url-matcher.ts
@@ -32,7 +32,7 @@ export function isStackblitzUrl(url: string): boolean {
 }
 
 export function isCodesandboxUrl(url: string): boolean {
-  return /^https:\/\/codesandbox\.io\/embed\/[a-zA-Z0-9\-_/.@?&=%,]+$/.test(
+  return /^https:\/\/codesandbox\.io\/embed\/[a-zA-Z0-9\-_/.@?&=%,+]+$/.test(
     url
   );
 }

From 8d0d38160ce38c8b109b91649dda36b473677c40 Mon Sep 17 00:00:00 2001
From: "github-actions[bot]" <github-actions[bot]@users.noreply.github.com>
Date: Mon, 5 Feb 2024 08:28:13 +0000
Subject: [PATCH 2/2] v0.1.153-alpha.0

---
 lerna.json                                | 2 +-
 packages/zenn-cli/package.json            | 2 +-
 packages/zenn-content-css/package.json    | 2 +-
 packages/zenn-embed-elements/package.json | 2 +-
 packages/zenn-markdown-html/package.json  | 2 +-
 packages/zenn-model/package.json          | 2 +-
 6 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/lerna.json b/lerna.json
index 122c1d00..7a452371 100644
--- a/lerna.json
+++ b/lerna.json
@@ -2,6 +2,6 @@
   "packages": [
     "packages/*"
   ],
-  "version": "0.1.152",
+  "version": "0.1.153-alpha.0",
   "npmClient": "pnpm"
 }
diff --git a/packages/zenn-cli/package.json b/packages/zenn-cli/package.json
index 84bdd517..fd8e2c6f 100644
--- a/packages/zenn-cli/package.json
+++ b/packages/zenn-cli/package.json
@@ -1,6 +1,6 @@
 {
   "name": "zenn-cli",
-  "version": "0.1.152",
+  "version": "0.1.153-alpha.0",
   "description": "Preview Zenn content locally.",
   "repository": {
     "type": "git",
diff --git a/packages/zenn-content-css/package.json b/packages/zenn-content-css/package.json
index c72372c7..abe5583b 100644
--- a/packages/zenn-content-css/package.json
+++ b/packages/zenn-content-css/package.json
@@ -1,6 +1,6 @@
 {
   "name": "zenn-content-css",
-  "version": "0.1.152",
+  "version": "0.1.153-alpha.0",
   "license": "MIT",
   "description": "Zenn flavor content style.",
   "repository": {
diff --git a/packages/zenn-embed-elements/package.json b/packages/zenn-embed-elements/package.json
index 6beb0ed2..57a2067b 100644
--- a/packages/zenn-embed-elements/package.json
+++ b/packages/zenn-embed-elements/package.json
@@ -1,6 +1,6 @@
 {
   "name": "zenn-embed-elements",
-  "version": "0.1.152",
+  "version": "0.1.153-alpha.0",
   "license": "MIT",
   "description": "Web components for embedded contents.",
   "repository": {
diff --git a/packages/zenn-markdown-html/package.json b/packages/zenn-markdown-html/package.json
index c35d3260..5c25cb19 100644
--- a/packages/zenn-markdown-html/package.json
+++ b/packages/zenn-markdown-html/package.json
@@ -1,6 +1,6 @@
 {
   "name": "zenn-markdown-html",
-  "version": "0.1.152",
+  "version": "0.1.153-alpha.0",
   "license": "MIT",
   "description": "Convert markdown to zenn flavor html.",
   "main": "lib/index.js",
diff --git a/packages/zenn-model/package.json b/packages/zenn-model/package.json
index 7d311350..b47d12fa 100644
--- a/packages/zenn-model/package.json
+++ b/packages/zenn-model/package.json
@@ -1,6 +1,6 @@
 {
   "name": "zenn-model",
-  "version": "0.1.152",
+  "version": "0.1.153-alpha.0",
   "license": "MIT",
   "description": "Model utils for Zenn contents",
   "main": "lib/index.js",