@instructure/platform-sanitize 0.2.1 → 0.3.0

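--- a/package/dist/index.js
+++ b/package/dist/index.js
@@ -1,4 +1,4 @@
-import n from "dompurify";
+import a from "dompurify";
 const d = /* @__PURE__ */ new Set([
 // layout
 "display",
@@ -127,7 +127,18 @@ const d = /* @__PURE__ */ new Set([
 "grid-template-areas",
 "grid-template-columns",
 "grid-template-rows"
-]), s = {
+]), c = /* @__PURE__ */ new Set([
+"src",
+"href",
+"action",
+"formaction",
+"data",
+"poster",
+"background",
+"cite",
+"longdesc",
+"xlink:href"
+]), l = /^\s*(\/\/|\\)/, f = {
 ADD_TAGS: ["iframe"],
 ADD_ATTR: [
 "allowfullscreen",
@@ -161,34 +172,39 @@ const d = /* @__PURE__ */ new Set([
 RETURN_TRUSTED_TYPE: !0
 };
 let o = null;
-function f() {
-return o || (o = typeof n == "function" ? n(window) : n, o.addHook("afterSanitizeAttributes", (t) => {
+function g() {
+return o || (o = typeof a == "function" ? a(window) : a, o.addHook("afterSanitizeAttributes", (t) => {
 if (!(t instanceof Element) || !t.hasAttribute("style")) return;
 const e = t.style, i = [];
 for (let r = 0; r < e.length; r++) {
-const a = e.item(r);
-d.has(a) || i.push(a);
+const n = e.item(r);
+d.has(n) || i.push(n);
 }
 for (const r of i) e.removeProperty(r);
 e.length === 0 && t.removeAttribute("style");
+}), o.addHook("uponSanitizeAttribute", (t, e) => {
+c.has(e.attrName) && l.test(e.attrValue) && (e.keepAttr = !1);
+}), o.addHook("afterSanitizeAttributes", (t) => {
+if (!(t instanceof Element) || !t.hasAttribute("srcset")) return;
+(t.getAttribute("srcset") ?? "").split(",").map((r) => r.trim().split(/\s+/)[0]).some((r) => l.test(r)) && t.removeAttribute("srcset");
 }), o);
 }
-function m(t) {
+function p(t) {
 if (typeof window > "u")
 throw new Error("sanitizeHtml requires a DOM environment (window is not defined)");
-return f().sanitize(t ?? "", s);
+return g().sanitize(t ?? "", f);
 }
-const g = /* @__PURE__ */ new Set(["http:", "https:", "mailto:", "tel:"]), l = "http://platform-sanitize.invalid/";
-function b(t) {
-if (!t || !t.trim()) return "about:blank";
+const m = /* @__PURE__ */ new Set(["http:", "https:", "mailto:", "tel:"]), s = "http://platform-sanitize.invalid/", u = /^\s*\/\//;
+function h(t) {
+if (!t || !t.trim() || u.test(t)) return "about:blank";
 try {
-const e = new URL(t, l);
-return g.has(e.protocol) ? e.href.startsWith(l) ? t : e.href : "about:blank";
+const e = new URL(t, s);
+return m.has(e.protocol) ? e.href.startsWith(s) ? t : e.href : "about:blank";
 } catch {
 return "about:blank";
 }
 }
 export {
-m as sanitizeHtml,
-b as sanitizeUrl
+p as sanitizeHtml,
+h as sanitizeUrl
 };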
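Review bot: The prefix test `l = /^\s*(\/\/|\\)/` used by the new `uponSanitizeAttribute` and `srcset` hooks, and `u = /^\s*\/\//` in `sanitizeUrl`, is narrower than what a browser resolves as a scheme-relative URL: for http(s) bases the URL parser treats `\` like `/`, strips leading C0 control characters as well as whitespace, and removes ASCII tab and newline anywhere in the string before parsing. Normalising the value the same way before testing would close that gap, e.g. `const v = e.attrValue.replace(/[\t\n\r]/g, "").replace(/\\/g, "/");` followed by `/^[\x00-\x20]*\/\//.test(v)`. `u` also lacks the backslash alternative that `l` has, so the two entry points can disagree on the same input; one shared helper would keep them aligned. Since this file is build output, the change belongs in the `src/sanitizeHtml.ts` and `src/sanitizeUrl.ts` sources named in the source maps, with a regression test per normalisation case.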
@@ -1 +1 @@
1
- {"version":3,"file":"sanitizeHtml.d.ts","sourceRoot":"","sources":["../src/sanitizeHtml.ts"],"names":[],"mappings":"AAyMA,wBAAgB,YAAY,CAAC,IAAI,EAAE,MAAM,GAAG,IAAI,GAAG,SAAS,GAAG,MAAM,CAKpE"}
1
+ {"version":3,"file":"sanitizeHtml.d.ts","sourceRoot":"","sources":["../src/sanitizeHtml.ts"],"names":[],"mappings":"AA4OA,wBAAgB,YAAY,CAAC,IAAI,EAAE,MAAM,GAAG,IAAI,GAAG,SAAS,GAAG,MAAM,CAKpE"}
@@ -1 +1 @@
1
- {"version":3,"file":"sanitizeUrl.d.ts","sourceRoot":"","sources":["../src/sanitizeUrl.ts"],"names":[],"mappings":"AAiBA,wBAAgB,WAAW,CAAC,GAAG,EAAE,MAAM,GAAG,IAAI,GAAG,SAAS,GAAG,MAAM,CAYlE"}
1
+ {"version":3,"file":"sanitizeUrl.d.ts","sourceRoot":"","sources":["../src/sanitizeUrl.ts"],"names":[],"mappings":"AAwBA,wBAAgB,WAAW,CAAC,GAAG,EAAE,MAAM,GAAG,IAAI,GAAG,SAAS,GAAG,MAAM,CAalE"}
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@instructure/platform-sanitize",
3
- "version": "0.2.1",
3
+ "version": "0.3.0",
4
4
  "type": "module",
5
5
  "main": "./dist/index.js",
6
6
  "module": "./dist/index.js",