@gitlab/ui 66.37.0 → 67.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (17) hide show
  1. package/CHANGELOG.md +21 -0
  2. package/dist/directives/safe_html/constants.js +2 -1
  3. package/dist/directives/safe_html/safe_html.js +3 -2
  4. package/dist/tokens/css/tokens.css +1 -1
  5. package/dist/tokens/css/tokens.dark.css +1 -1
  6. package/dist/tokens/js/tokens.dark.js +1 -1
  7. package/dist/tokens/js/tokens.js +1 -1
  8. package/dist/tokens/scss/_tokens.dark.scss +1 -1
  9. package/dist/tokens/scss/_tokens.scss +1 -1
  10. package/dist/utility_classes.css +1 -1
  11. package/dist/utility_classes.css.map +1 -1
  12. package/package.json +1 -1
  13. package/src/directives/safe_html/constants.js +2 -0
  14. package/src/directives/safe_html/safe_html.js +3 -2
  15. package/src/directives/safe_html/safe_html.spec.js +15 -0
  16. package/src/scss/utilities.scss +8 -0
  17. package/src/scss/utility-mixins/color.scss +4 -0
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@gitlab/ui",
3
- "version": "66.37.0",
3
+ "version": "67.1.0",
4
4
  "description": "GitLab UI Components",
5
5
  "license": "MIT",
6
6
  "main": "dist/index.js",
package/src/directives/safe_html/constants.js CHANGED
@@ -10,3 +10,5 @@ export const forbiddenDataAttrs = [
10
10
  'data-disable',
11
11
  'data-turbo',
12
12
  ];
13
+
14
+ export const forbiddenTags = ['style', 'mstyle', 'form'];
package/src/directives/safe_html/safe_html.js CHANGED
@@ -1,5 +1,5 @@
1
1
  import DOMPurify from 'dompurify';
2
- import { forbiddenDataAttrs } from './constants';
2
+ import { forbiddenDataAttrs, forbiddenTags } from './constants';
3
3
 
4
4
  const { sanitize } = DOMPurify;
5
5
 
@@ -11,7 +11,8 @@ const { sanitize } = DOMPurify;
11
11
  const DEFAULT_CONFIG = {
12
12
  RETURN_DOM_FRAGMENT: true,
13
13
  ALLOW_UNKNOWN_PROTOCOLS: true,
14
- FORBID_ATTR: [...forbiddenDataAttrs],
14
+ FORBID_ATTR: forbiddenDataAttrs,
15
+ FORBID_TAGS: forbiddenTags,
15
16
  };
16
17
 
17
18
  const transform = (el, binding) => {
package/src/directives/safe_html/safe_html.spec.js CHANGED
@@ -49,6 +49,21 @@ describe('safe html directive', () => {
49
49
  expect(wrapper.html()).toEqual('<div><a>click here</a></div>');
50
50
  });
51
51
 
52
+ it('should remove style tags', () => {
53
+ createComponent({ html: '<style>p {width:50%;}</style>' });
54
+ expect(wrapper.html()).toEqual('<div></div>');
55
+ });
56
+
57
+ it('should remove mstyle tags', () => {
58
+ createComponent({ html: '<math><mstyle displaystyle="true"></mstyle></math>' });
59
+ expect(wrapper.html()).toEqual('<div><math></math></div>');
60
+ });
61
+
62
+ it('should remove form tags', () => {
63
+ createComponent({ html: '<form method="post" action="path"></form>' });
64
+ expect(wrapper.html()).toEqual('<div></div>');
65
+ });
66
+
52
67
  it('should remove any existing children', () => {
53
68
  createComponent({
54
69
  template: `<div v-safe-html="rawHtml">foo <i>bar</i></div>`,
package/src/scss/utilities.scss CHANGED
@@ -2448,6 +2448,14 @@ $gl-animate-skeleton-loader-max-width: 64 * $grid-size;
2448
2448
  color: $black-normal !important;
2449
2449
  }
2450
2450
 
2451
+ .gl-text-gray-100 {
2452
+ color: $gray-100;
2453
+ }
2454
+
2455
+ .gl-text-gray-100\! {
2456
+ color: $gray-100 !important;
2457
+ }
2458
+
2451
2459
  .gl-text-gray-200 {
2452
2460
  color: $gray-200;
2453
2461
  }
package/src/scss/utility-mixins/color.scss CHANGED
@@ -41,6 +41,10 @@
41
41
  color: $black-normal;
42
42
  }
43
43
 
44
+ @mixin gl-text-gray-100 {
45
+ color: $gray-100;
46
+ }
47
+
44
48
  @mixin gl-text-gray-200 {
45
49
  color: $gray-200;
46
50
  }