@instructure/platform-sanitize 0.2.1 → 0.3.0
- package/dist/index.js +31 -15
- package/dist/sanitizeHtml.d.ts.map +1 -1
- package/dist/sanitizeUrl.d.ts.map +1 -1
- package/package.json +1 -1
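--- a/package/dist/index.js
+++ b/package/dist/index.js
@@ -1,4 +1,4 @@
-import
+import a from "dompurify";
 const d = /* @__PURE__ */ new Set([
 // layout
 "display",
@@ -127,7 +127,18 @@ const d = /* @__PURE__ */ new Set([
 "grid-template-areas",
 "grid-template-columns",
 "grid-template-rows"
-]),
+]), c = /* @__PURE__ */ new Set([
+"src",
+"href",
+"action",
+"formaction",
+"data",
+"poster",
+"background",
+"cite",
+"longdesc",
+"xlink:href"
+]), l = /^\s*(\/\/|\\)/, f = {
 ADD_TAGS: ["iframe"],
 ADD_ATTR: [
 "allowfullscreen",
@@ -161,34 +172,39 @@ const d = /* @__PURE__ */ new Set([
 RETURN_TRUSTED_TYPE: !0
 };
 let o = null;
-function
-return o || (o = typeof
+function g() {
+return o || (o = typeof a == "function" ? a(window) : a, o.addHook("afterSanitizeAttributes", (t) => {
 if (!(t instanceof Element) || !t.hasAttribute("style")) return;
 const e = t.style, i = [];
 for (let r = 0; r < e.length; r++) {
-const
-d.has(
+const n = e.item(r);
+d.has(n) || i.push(n);
 }
 for (const r of i) e.removeProperty(r);
 e.length === 0 && t.removeAttribute("style");
+}), o.addHook("uponSanitizeAttribute", (t, e) => {
+c.has(e.attrName) && l.test(e.attrValue) && (e.keepAttr = !1);
+}), o.addHook("afterSanitizeAttributes", (t) => {
+if (!(t instanceof Element) || !t.hasAttribute("srcset")) return;
+(t.getAttribute("srcset") ?? "").split(",").map((r) => r.trim().split(/\s+/)[0]).some((r) => l.test(r)) && t.removeAttribute("srcset");
 }), o);
 }
-function
+function p(t) {
 if (typeof window > "u")
 throw new Error("sanitizeHtml requires a DOM environment (window is not defined)");
-return
+return g().sanitize(t ?? "", f);
 }
-const
-function
-if (!t || !t.trim()) return "about:blank";
+const m = /* @__PURE__ */ new Set(["http:", "https:", "mailto:", "tel:"]), s = "http://platform-sanitize.invalid/", u = /^\s*\/\//;
+function h(t) {
+if (!t || !t.trim() || u.test(t)) return "about:blank";
 try {
-const e = new URL(t,
-return
+const e = new URL(t, s);
+return m.has(e.protocol) ? e.href.startsWith(s) ? t : e.href : "about:blank";
 } catch {
 return "about:blank";
 }
 }
 export {
-
-
+p as sanitizeHtml,
+h as sanitizeUrl
 };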
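Review bot: The new `uponSanitizeAttribute` and `srcset` hooks test the raw attribute string with `l = /^\s*(\/\/|\\)/`, but a browser's URL parser normalizes before resolving (for http(s) it treats `\` as `/` and discards embedded tab and newline characters), so a value can pass this prefix test and still resolve as scheme-relative. Testing what the parser sees would be safer, for example a normalized copy, `const v = e.attrValue.replace(/[\t\n\r]/g, "").replace(/\\/g, "/");` followed by `/^\s*\/\//.test(v)`, or resolving against the sentinel base as `sanitizeUrl` does and comparing hosts. `sanitizeUrl` itself uses the narrower `u = /^\s*\/\//`, so a backslash-led input is not rejected there and appears to be resolved against `s` and returned as an absolute `http:` URL; the two functions should share one check. This is minified `dist` output, so the change belongs in the sources the maps name (`../src/sanitizeHtml.ts`, `../src/sanitizeUrl.ts`), with unit tests covering the normalized forms.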
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"sanitizeHtml.d.ts","sourceRoot":"","sources":["../src/sanitizeHtml.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"sanitizeHtml.d.ts","sourceRoot":"","sources":["../src/sanitizeHtml.ts"],"names":[],"mappings":"AA4OA,wBAAgB,YAAY,CAAC,IAAI,EAAE,MAAM,GAAG,IAAI,GAAG,SAAS,GAAG,MAAM,CAKpE"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"sanitizeUrl.d.ts","sourceRoot":"","sources":["../src/sanitizeUrl.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"sanitizeUrl.d.ts","sourceRoot":"","sources":["../src/sanitizeUrl.ts"],"names":[],"mappings":"AAwBA,wBAAgB,WAAW,CAAC,GAAG,EAAE,MAAM,GAAG,IAAI,GAAG,SAAS,GAAG,MAAM,CAalE"}
|