npm - @descope/web-components-ui - Versions diffs - 1.0.368 → 1.0.370 - Mend

@descope/web-components-ui 1.0.368 → 1.0.370

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (25) hide show

package/dist/cjs/index.cjs.js +71 -12
package/dist/cjs/index.cjs.js.map +1 -1
package/dist/index.esm.js +71 -12
package/dist/index.esm.js.map +1 -1
package/dist/umd/7856.js +2 -0
package/dist/umd/7856.js.LICENSE.txt +1 -0
package/dist/umd/DescopeDev.js +2 -1
package/dist/umd/DescopeDev.js.LICENSE.txt +1 -0
package/dist/umd/button-selection-group-fields-descope-button-multi-selection-group-index-js.js +1 -1
package/dist/umd/button-selection-group-fields-descope-button-selection-group-index-js.js +1 -1
package/dist/umd/button-selection-group-fields-descope-button-selection-group-item-index-js.js +1 -1
package/dist/umd/descope-apps-list-index-js.js +1 -1
package/dist/umd/descope-button-index-js.js +1 -1
package/dist/umd/descope-icon-index-js.js +1 -1
package/dist/umd/descope-list-index-js.js +1 -1
package/dist/umd/descope-upload-file-index-js.js +1 -1
package/dist/umd/descope-user-attribute-index-js.js +1 -1
package/dist/umd/descope-user-auth-method-index-js.js +1 -1
package/dist/umd/index.js +1 -1
package/dist/umd/mapping-fields-descope-mappings-field-index-js.js +1 -1
package/package.json +2 -1
package/src/components/descope-apps-list/AppsListClass.js +5 -6
package/src/components/descope-icon/helpers.js +16 -4
package/src/components/descope-list/ListClass.js +15 -1
package/src/mixins/createDynamicDataMixin.js +36 -1

package/dist/cjs/index.cjs.js CHANGED Viewed

@@ -2,6 +2,7 @@
 var merge = require('lodash.merge');
 var Color = require('color');
+var DOMPurify = require('dompurify');
 var MarkdownIt = require('markdown-it');
 require('lodash.debounce');
 var hljs = require('highlight.js');
@@ -2622,7 +2623,9 @@ const getFileExtension = (path) => {
   return match ? match[1] : null;
 };
-const isSvg = (src) => getFileExtension(src) === 'svg' || src.indexOf('image/svg+xml') > -1;
+const base64Prefix = 'data:image/svg+xml;base64,';
+const isBase64Svg = (src) => src.startsWith(base64Prefix);
 const createImgEle = (src) => {
   const ele = document.createElement('img');
@@ -2631,20 +2634,28 @@ const createImgEle = (src) => {
 };
 const createSvgEle = (text) => {
+  // we want to purify the SVG to avoid XSS attacks
+  const clean = DOMPurify.sanitize(text, { USE_PROFILES: { svg: true, svgFilters: true } });
   const parser = new DOMParser();
-  const ele = parser.parseFromString(text, 'image/svg+xml').querySelector('svg');
+  const ele = parser.parseFromString(clean, 'image/svg+xml').querySelector('svg');
   return ele;
 };
 const createIcon = async (src) => {
   try {
     let ele;
-    if (isSvg(src)) {
+    if (isBase64Svg(src)) {
+      // handle base64 source
+      const svgXml = atob(src.slice(base64Prefix.length));
+      ele = createSvgEle(svgXml);
+    } else if (getFileExtension(src) === 'svg') {
+      // handle urls
       const fetchedSrc = await fetch(src);
       const text = await fetchedSrc.text();
       ele = createSvgEle(text);
     } else {
+      // handle binary
       ele = createImgEle(src);
     }
@@ -13207,7 +13218,7 @@ const componentName$3 = getComponentName('list');
 class RawList extends createBaseClass({ componentName: componentName$3, baseSelector: '.wrapper' }) {
   static get observedAttributes() {
-    return ['variant'];
+    return ['variant', 'readonly'];
   }
   constructor() {
@@ -13290,6 +13301,18 @@ class RawList extends createBaseClass({ componentName: componentName$3, baseSele
     observeChildren(this, () => {
       this.#handleEmptyState();
       this.#handleItemsVariant();
+      this.#handleReadOnly();
+    });
+  }
+  get isReadOnly() {
+    return this.getAttribute('readonly') === 'true';
+  }
+  #handleReadOnly() {
+    this.items.forEach((item) => {
+      if (this.isReadOnly) item.setAttribute('inert', '');
+      else item.removeAttribute('inert');
     });
   }
@@ -13300,6 +13323,8 @@ class RawList extends createBaseClass({ componentName: componentName$3, baseSele
     if (name === 'variant') {
       this.#handleItemsVariant();
+    } else if (name === 'readonly') {
+      this.#handleReadOnly();
     }
   }
 }
@@ -13513,16 +13538,51 @@ const createDynamicDataMixin =
         super.init?.();
         if (rerenderAttrsList.length) {
-          observeAttributes(this, () => this.#renderItems(), { includeAttrs: rerenderAttrsList });
+          observeAttributes(
+            this,
+            (attrs) => {
+              if (attrs.includes('data')) this.#handleDataAttr();
+              if (attrs.some((attr) => attr !== 'data')) this.#renderItems();
+            },
+            { includeAttrs: [...rerenderAttrsList, 'data'] }
+          );
         } else {
           this.#renderItems();
         }
       }
+      #handleDataAttr() {
+        const dataAttr = this.getAttribute('data');
+        if (!dataAttr) return;
+        try {
+          this.#data = JSON.parse(dataAttr);
+        } catch (e) {
+          // eslint-disable-next-line no-console
+          console.warn('Invalid JSON data', dataAttr);
+        }
+      }
+      attributeChangedCallback(name, oldValue, newValue) {
+        super.attributeChangedCallback?.(name, oldValue, newValue);
+        if (newValue === oldValue) return;
+        if (name === 'data') {
+          try {
+            this.data = JSON.parse(newValue);
+          } catch (e) {
+            // eslint-disable-next-line no-console
+            console.warn('Invalid JSON data', newValue);
+          }
+        }
+      }
     };
 const componentName$2 = getComponentName('apps-list');
-const limitAbbreviation = (str, limit = 3) =>
+const limitAbbreviation = (str, limit = 2) =>
   str
     .trim()
     .split(' ')
@@ -13531,12 +13591,11 @@ const limitAbbreviation = (str, limit = 3) =>
     .join('');
 const itemRenderer = ({ name, icon, url }, _, ref) => `
-  <a href="${url}" target="_blank" title="${url}">
+  <a ${url ? `href="${url}" title="${url}"` : ''} target="_blank">
     <descope-list-item>
     <descope-avatar
-      img="${icon}"
-      display-name="${name}"
-      abbr=${limitAbbreviation(name)}
+      ${icon ? `img="${icon}"` : ''}
+      ${name ? `display-name="${name}" abbr=${limitAbbreviation(name)}` : ''}
       size=${ref.size}
     ></descope-avatar>
     <descope-text
@@ -13582,7 +13641,7 @@ const AppsListClass = compose(
   createProxy({
     slots: ['empty-state'],
     wrappedEleName: 'descope-list',
-    excludeAttrsSync: ['tabindex', 'class'],
+    excludeAttrsSync: ['tabindex', 'class', 'empty'],
     componentName: componentName$2,
     style: () => `
       :host {