@befe/brick-comp-rich-text 0.2.53 → 0.2.54

package/CHANGELOG.md CHANGED
@@ -3,6 +3,14 @@
3
3
  All notable changes to this project will be documented in this file.
4
4
  See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.
5
5
 
6
+ ## [0.2.54](https://icode.baidu.com/repos/baidu/be-fe/brick/merge/%40befe%2Fbrick-comp-rich-text%400.2.53...%40befe%2Fbrick-comp-rich-text%400.2.54) (2026-05-29)
7
+
8
+ **Note:** Version bump only for package @befe/brick-comp-rich-text
9
+
10
+
11
+
12
+
13
+
6
14
  ## [0.2.53](https://icode.baidu.com:8235/baidu/be-fe/brick//%40befe%2Fbrick-comp-rich-text%400.2.52...%40befe%2Fbrick-comp-rich-text%400.2.53) (2026-05-25)
7
15
 
8
16
  **Note:** Version bump only for package @befe/brick-comp-rich-text
@@ -1,9 +1,3 @@
1
- import _defineProperty from "@babel/runtime-corejs3/helpers/defineProperty";
2
- import _objectWithoutProperties from "@babel/runtime-corejs3/helpers/objectWithoutProperties";
3
- var _excluded = ["value", "className"];
4
- function ownKeys(e, r) { var t = _Object$keys(e); if (_Object$getOwnPropertySymbols) { var o = _Object$getOwnPropertySymbols(e); r && (o = _filterInstanceProperty(o).call(o, function (r) { return _Object$getOwnPropertyDescriptor(e, r).enumerable; })), t.push.apply(t, o); } return t; }
5
- function _objectSpread(e) { for (var r = 1; r < arguments.length; r++) { var _context2, _context3; var t = null != arguments[r] ? arguments[r] : {}; r % 2 ? _forEachInstanceProperty(_context2 = ownKeys(Object(t), !0)).call(_context2, function (r) { _defineProperty(e, r, t[r]); }) : _Object$getOwnPropertyDescriptors ? _Object$defineProperties(e, _Object$getOwnPropertyDescriptors(t)) : _forEachInstanceProperty(_context3 = ownKeys(Object(t))).call(_context3, function (r) { _Object$defineProperty(e, r, _Object$getOwnPropertyDescriptor(t, r)); }); } return e; }
6
- import _concatInstanceProperty from "@babel/runtime-corejs3/core-js-stable/instance/concat";
7
1
  import _Object$keys from "@babel/runtime-corejs3/core-js-stable/object/keys";
8
2
  import _Object$getOwnPropertySymbols from "@babel/runtime-corejs3/core-js-stable/object/get-own-property-symbols";
9
3
  import _filterInstanceProperty from "@babel/runtime-corejs3/core-js-stable/instance/filter";
@@ -12,26 +6,28 @@ import _forEachInstanceProperty from "@babel/runtime-corejs3/core-js-stable/inst
12
6
  import _Object$getOwnPropertyDescriptors from "@babel/runtime-corejs3/core-js-stable/object/get-own-property-descriptors";
13
7
  import _Object$defineProperties from "@babel/runtime-corejs3/core-js-stable/object/define-properties";
14
8
  import _Object$defineProperty from "@babel/runtime-corejs3/core-js-stable/object/define-property";
9
+ import _defineProperty from "@babel/runtime-corejs3/helpers/defineProperty";
10
+ import _objectWithoutProperties from "@babel/runtime-corejs3/helpers/objectWithoutProperties";
11
+ var _excluded = ["value", "className"];
12
+ function ownKeys(e, r) { var t = _Object$keys(e); if (_Object$getOwnPropertySymbols) { var o = _Object$getOwnPropertySymbols(e); r && (o = _filterInstanceProperty(o).call(o, function (r) { return _Object$getOwnPropertyDescriptor(e, r).enumerable; })), t.push.apply(t, o); } return t; }
13
+ function _objectSpread(e) { for (var r = 1; r < arguments.length; r++) { var _context, _context2; var t = null != arguments[r] ? arguments[r] : {}; r % 2 ? _forEachInstanceProperty(_context = ownKeys(Object(t), !0)).call(_context, function (r) { _defineProperty(e, r, t[r]); }) : _Object$getOwnPropertyDescriptors ? _Object$defineProperties(e, _Object$getOwnPropertyDescriptors(t)) : _forEachInstanceProperty(_context2 = ownKeys(Object(t))).call(_context2, function (r) { _Object$defineProperty(e, r, _Object$getOwnPropertyDescriptor(t, r)); }); } return e; }
15
14
  import { forwardRef } from 'react';
16
15
  import cx from 'classnames';
17
- import sanitizeHtml from 'sanitize-html';
16
+ import DOMPurify from 'dompurify';
18
17
  import { imagePreview } from '@befe/brick-comp-preview';
19
18
  import { jsx as _jsx } from "react/jsx-runtime";
20
19
  export var RichTextView = /*#__PURE__*/forwardRef(function (props, ref) {
21
- var _context;
22
20
  var value = props.value,
23
21
  className = props.className,
24
22
  restProps = _objectWithoutProperties(props, _excluded);
25
23
  var classes = cx('brick-rich-text-view', {}, className);
26
24
  var sanitizedHtml = {
27
- __html: sanitizeHtml(value || '', {
28
- // 需要接受行内样式,姑且允许所有 attributes
29
- allowedAttributes: false,
30
- allowedSchemesByTag: {
31
- img: ['data']
32
- },
33
- allowVulnerableTags: true,
34
- allowedTags: _concatInstanceProperty(_context = sanitizeHtml.defaults.allowedTags).call(_context, ['img', 'style'])
25
+ __html: DOMPurify.sanitize(value || '', {
26
+ // 允许 <style> 标签(富文本编辑器产出内容含内联样式表)
27
+ ADD_TAGS: ['style'],
28
+ // 允许 img 使用 data: URI
29
+ ADD_DATA_URI_TAGS: ['img'],
30
+ FORCE_BODY: true
35
31
  })
36
32
  };
37
33
  var handleClick = function handleClick(e) {
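Review bot: The options passed to `DOMPurify.sanitize` keep `<style>` elements from `value` (`ADD_TAGS: ['style']` plus `FORCE_BODY: true`), and DOMPurify does not rewrite the CSS inside them, so rules authored in the rich text apply to the whole host page rather than only to `.brick-rich-text-view`. If `value` can come from another user, that still allows restyling or covering the surrounding UI and CSS-triggered external requests, even though script and event-handler attributes are now removed; for untrusted content consider `FORBID_TAGS: ['style']` or rendering into a shadow root, and state the trust assumption in the comment above `ADD_TAGS`. `ADD_DATA_URI_TAGS: ['img']` looks redundant with DOMPurify's defaults and is worth confirming. Also, `DOMPurify.sanitize` needs a browser DOM, so unlike `sanitize-html` this render path will probably throw under server-side rendering unless it is guarded. The same options appear in the TypeScript source hunk further down, and `RichTextView`'s body continues past this hunk.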
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@befe/brick-comp-rich-text",
3
- "version": "0.2.53",
3
+ "version": "0.2.54",
4
4
  "repository": {
5
5
  "type": "git",
6
6
  "url": "ssh://git@icode.baidu.com:8235/baidu/be-fe/brick",
@@ -26,14 +26,14 @@
26
26
  "license": "ISC",
27
27
  "dependencies": {
28
28
  "@befe/brick-comp-button": "^0.2.96",
29
- "@befe/brick-comp-drop-menu": "^0.2.111",
29
+ "@befe/brick-comp-drop-menu": "^0.2.112",
30
30
  "@befe/brick-comp-icon": "^0.2.93",
31
31
  "@befe/brick-comp-input": "^0.2.100",
32
32
  "@befe/brick-comp-link": "^0.2.93",
33
33
  "@befe/brick-comp-loading": "^0.2.94",
34
34
  "@befe/brick-comp-popper": "^0.2.97",
35
35
  "@befe/brick-comp-preview": "^0.2.31",
36
- "@befe/brick-comp-select": "^0.2.115",
36
+ "@befe/brick-comp-select": "^0.2.116",
37
37
  "@befe/brick-comp-textarea": "^0.2.96",
38
38
  "@befe/brick-comp-toast": "^0.2.98",
39
39
  "@befe/brick-comp-upload": "^0.2.108",
@@ -58,9 +58,9 @@
58
58
  "@lexical/table": "^0.16.0",
59
59
  "@lexical/text": "^0.16.0",
60
60
  "@lexical/utils": "^0.16.0",
61
+ "dompurify": "^3.0.0",
61
62
  "lexical": "^0.16.0",
62
- "react-color": "^2.19.3",
63
- "sanitize-html": "^2.13.0"
63
+ "react-color": "^2.19.3"
64
64
  },
65
65
  "peerDependencies": {
66
66
  "classnames": "^2.0.0",
@@ -68,5 +68,5 @@
68
68
  "react": "^16.9.0 || ^17.0.0",
69
69
  "react-dom": "^16.9.0 || ^17.0.0"
70
70
  },
71
- "gitHead": "b9584834398ed68526441721bf84bcd22022168e"
71
+ "gitHead": "762a207abaa9a1c1af35d7a2cafb2921aedd35ec"
72
72
  }
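Review bot: The new sanitizer is declared as `"dompurify": "^3.0.0"` in the `dependencies` hunk, which lets a consumer whose lockfile or dedupe already holds an early 3.x copy keep resolving to it. DOMPurify has shipped sanitizer-bypass fixes within the 3.x line, so for a security-critical dependency the floor should be the newest 3.x release this package was tested against, e.g. `"dompurify": "^<latest tested 3.x>"` (placeholder, not a real version). It is also worth checking that no other file in the package still imports `sanitize-html`, since it was dropped from `dependencies` here; only the view component is visible on this page.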
@@ -1,6 +1,6 @@
1
1
  import {forwardRef, HTMLAttributes, MouseEvent} from 'react'
2
2
  import cx from 'classnames'
3
- import sanitizeHtml from 'sanitize-html'
3
+ import DOMPurify from 'dompurify'
4
4
  import {imagePreview} from '@befe/brick-comp-preview'
5
5
 
6
6
  export interface RichTextViewProps extends HTMLAttributes<HTMLDivElement> {
@@ -24,12 +24,12 @@ export const RichTextView = forwardRef<HTMLDivElement, RichTextViewProps>((props
24
24
  )
25
25
 
26
26
  const sanitizedHtml = {
27
- __html: sanitizeHtml(value || '', {
28
- // 需要接受行内样式,姑且允许所有 attributes
29
- allowedAttributes: false,
30
- allowedSchemesByTag: {img: ['data']},
31
- allowVulnerableTags: true,
32
- allowedTags: sanitizeHtml.defaults.allowedTags.concat(['img', 'style']),
27
+ __html: DOMPurify.sanitize(value || '', {
28
+ // 允许 <style> 标签(富文本编辑器产出内容含内联样式表)
29
+ ADD_TAGS: ['style'],
30
+ // 允许 img 使用 data: URI
31
+ ADD_DATA_URI_TAGS: ['img'],
32
+ FORCE_BODY: true,
33
33
  }),
34
34
  }
35
35