@instructure/platform-assignment-review 0.4.18 → 0.4.20
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/index.js +32 -1
- package/package.json +2 -2
package/dist/index.js
CHANGED
|
@@ -749,6 +749,11 @@ const Fi = /* @__PURE__ */ new Set([
|
|
|
749
749
|
"text-decoration",
|
|
750
750
|
"text-indent",
|
|
751
751
|
"white-space",
|
|
752
|
+
// Chrome's CSSOM expands `white-space` to these longhands when iterating
|
|
753
|
+
// element.style — the shorthand never appears in the iterator, so the hook
|
|
754
|
+
// would strip them unless listed explicitly (same as border-radius below).
|
|
755
|
+
"white-space-collapse",
|
|
756
|
+
"text-wrap-mode",
|
|
752
757
|
"vertical-align",
|
|
753
758
|
"text-transform",
|
|
754
759
|
"letter-spacing",
|
|
@@ -997,7 +1002,33 @@ const Fi = /* @__PURE__ */ new Set([
|
|
|
997
1002
|
// files from a separate sandboxed origin. object/embed also have no usable
|
|
998
1003
|
// sandbox attribute, so the sandbox-token hook cannot constrain them — again,
|
|
999
1004
|
// parity with an unsandboxed iframe, which is already permitted.
|
|
1000
|
-
|
|
1005
|
+
//
|
|
1006
|
+
// maction…none are the remaining MathML presentation/layout containers from
|
|
1007
|
+
// DOMPurify's mathMlDisallowed set (RCX-5259). They are re-added as tags only:
|
|
1008
|
+
// unlike annotation-xml they are NOT HTML integration points, so they carry no
|
|
1009
|
+
// namespace-confusion (mXSS) risk and need no guarding hook. Because they go in
|
|
1010
|
+
// ADD_TAGS and not ADD_ATTR, DOMPurify keeps filtering their attributes — an
|
|
1011
|
+
// event handler like onclick on <maction> is still stripped.
|
|
1012
|
+
ADD_TAGS: [
|
|
1013
|
+
"iframe",
|
|
1014
|
+
"semantics",
|
|
1015
|
+
"annotation",
|
|
1016
|
+
"annotation-xml",
|
|
1017
|
+
"object",
|
|
1018
|
+
"embed",
|
|
1019
|
+
"param",
|
|
1020
|
+
"maction",
|
|
1021
|
+
"maligngroup",
|
|
1022
|
+
"malignmark",
|
|
1023
|
+
"mlongdiv",
|
|
1024
|
+
"mscarries",
|
|
1025
|
+
"mscarry",
|
|
1026
|
+
"msgroup",
|
|
1027
|
+
"mstack",
|
|
1028
|
+
"msline",
|
|
1029
|
+
"msrow",
|
|
1030
|
+
"none"
|
|
1031
|
+
],
|
|
1001
1032
|
ADD_ATTR: [
|
|
1002
1033
|
"allowfullscreen",
|
|
1003
1034
|
"allow",
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@instructure/platform-assignment-review",
|
|
3
|
-
"version": "0.4.
|
|
3
|
+
"version": "0.4.20",
|
|
4
4
|
"type": "module",
|
|
5
5
|
"main": "./dist/index.js",
|
|
6
6
|
"module": "./dist/index.js",
|
|
@@ -39,7 +39,7 @@
|
|
|
39
39
|
"graphql": "^16.0.0",
|
|
40
40
|
"graphql-tag": "^2.12.0",
|
|
41
41
|
"zod": "^3.23.8",
|
|
42
|
-
"@instructure/platform-sanitize": "0.5.
|
|
42
|
+
"@instructure/platform-sanitize": "0.5.3"
|
|
43
43
|
},
|
|
44
44
|
"devDependencies": {
|
|
45
45
|
"@testing-library/jest-dom": "^6.9.1",
|