diff --git a/.github/renovate.json b/.github/renovate.json
index 685fe800a1..3a5722ca33 100644
--- a/.github/renovate.json
+++ b/.github/renovate.json
@@ -31,7 +31,6 @@
"groupSlug": "all-minor-patch",
"matchUpdateTypes": ["minor", "patch"],
"matchManagers": ["npm"],
- "matchPackageNames": ["*"],
"excludePackagePatterns": ["^@blocksuite/", "^oxlint$"]
},
{
diff --git a/blocksuite/affine/shared/src/__tests__/utils/svg.unit.spec.ts b/blocksuite/affine/shared/src/__tests__/utils/svg.unit.spec.ts
index f6ad9de0d3..840e3c022a 100644
--- a/blocksuite/affine/shared/src/__tests__/utils/svg.unit.spec.ts
+++ b/blocksuite/affine/shared/src/__tests__/utils/svg.unit.spec.ts
@@ -59,6 +59,12 @@ describe('sanitizeSvg', () => {
expect(sanitizeSvg('
')).toBe('');
});
+ test('rejects malformed doctype prefixes without regexp backtracking', () => {
+ const maliciousPrefix = '`)).toBe('');
+ });
+
test('keeps internal glyph references and safe image data urls', () => {
const sanitized = sanitizeSvg(`