@ckeditor/ckeditor5-engine 47.6.0-alpha.8 → 47.6.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/index.js +2 -2
- package/dist/index.js.map +1 -1
- package/package.json +2 -2
- package/src/view/domconverter.js +2 -3
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@ckeditor/ckeditor5-engine",
|
|
3
|
-
"version": "47.6.0
|
|
3
|
+
"version": "47.6.0",
|
|
4
4
|
"description": "The editing engine of CKEditor 5 – the best browser-based rich text editor.",
|
|
5
5
|
"keywords": [
|
|
6
6
|
"wysiwyg",
|
|
@@ -24,7 +24,7 @@
|
|
|
24
24
|
"type": "module",
|
|
25
25
|
"main": "src/index.js",
|
|
26
26
|
"dependencies": {
|
|
27
|
-
"@ckeditor/ckeditor5-utils": "47.6.0
|
|
27
|
+
"@ckeditor/ckeditor5-utils": "47.6.0",
|
|
28
28
|
"es-toolkit": "1.39.5"
|
|
29
29
|
},
|
|
30
30
|
"author": "CKSource (http://cksource.com/)",
|
package/src/view/domconverter.js
CHANGED
|
@@ -207,8 +207,7 @@ export class ViewDomConverter {
|
|
|
207
207
|
if (attributeKey.startsWith('on')) {
|
|
208
208
|
return false;
|
|
209
209
|
}
|
|
210
|
-
if (attributeKey === 'srcdoc'
|
|
211
|
-
attributeValue.match(/\bon\S+\s*=|javascript:|<\s*\/*script/i)) {
|
|
210
|
+
if (attributeKey === 'srcdoc') {
|
|
212
211
|
return false;
|
|
213
212
|
}
|
|
214
213
|
if (elementName === 'img' &&
|
|
@@ -218,7 +217,7 @@ export class ViewDomConverter {
|
|
|
218
217
|
if (elementName === 'source' && attributeKey === 'srcset') {
|
|
219
218
|
return true;
|
|
220
219
|
}
|
|
221
|
-
if (attributeValue.
|
|
220
|
+
if (attributeValue.replace(/\s+/g, '').match(/^(javascript:|data:(image\/svg|text\/x?html))/i)) {
|
|
222
221
|
return false;
|
|
223
222
|
}
|
|
224
223
|
return true;
|