@instructure/platform-sanitize 0.3.1 → 0.3.4
- package/dist/index.js +19 -16
- package/dist/sanitizeUrl.d.ts.map +1 -1
- package/package.json +3 -3
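--- a/package/dist/index.js
+++ b/package/dist/index.js
@@ -172,41 +172,44 @@ const d = /* @__PURE__ */ new Set([
 RETURN_TRUSTED_TYPE: !0
 };
 let i = null;
-function
+function u() {
 return i || (i = typeof a == "function" ? a(window) : a, i.addHook("afterSanitizeAttributes", (t) => {
 if (!(t instanceof Element) || !t.hasAttribute("style")) return;
-const e = t.style,
-for (let
-const n = e.item(
-d.has(n) ||
+const e = t.style, r = [];
+for (let o = 0; o < e.length; o++) {
+const n = e.item(o);
+d.has(n) || r.push(n);
 }
-for (const
+for (const o of r) e.removeProperty(o);
 e.length === 0 && t.removeAttribute("style");
 }), i.addHook("uponSanitizeAttribute", (t, e) => {
 c.has(e.attrName) && l.test(e.attrValue) && (e.keepAttr = !1);
 }), i.addHook("afterSanitizeAttributes", (t) => {
 if (!(t instanceof Element) || !t.hasAttribute("srcset")) return;
-(t.getAttribute("srcset") ?? "").split(",").map((
+(t.getAttribute("srcset") ?? "").split(",").map((o) => o.trim().split(/\s+/)[0]).some((o) => l.test(o)) && t.removeAttribute("srcset");
 }), i);
 }
-function
+function h(t) {
 if (typeof window > "u")
 throw new Error("sanitizeHtml requires a DOM environment (window is not defined)");
-return
+return u().sanitize(t ?? "", f);
 }
-const
-
+const g = /* @__PURE__ */ new Set(["http:", "https:", "mailto:", "tel:"]), s = "http://platform-sanitize.invalid/", p = /^\s*\/\//, b = (
+// biome-ignore lint/suspicious/noControlCharactersInRegex: intentional security guard
+/^[\u0000-\u0020\u007F-\u00A0\u2000-\u200F\u2028\u2029\u202F\u205F\u2060\u3000\uFEFF]*(?:javascript|data|vbscript|file):/i
+);
+function w(t) {
 if (!t || !t.trim()) return "about:blank";
 const e = t.replace(/\\/g, "/");
-if (
+if (p.test(e) || b.test(e)) return "about:blank";
 try {
-const
-return
+const r = new URL(e, s);
+return !g.has(r.protocol) || (r.protocol === "http:" || r.protocol === "https:") && (r.username || r.password) ? "about:blank" : r.href.startsWith(s) ? t : e.replace(/[\x00-\x1F]/g, "").replace(/%0[ad]/gi, "");
 } catch {
 return "about:blank";
 }
 }
 export {
-
-
+h as sanitizeHtml,
+w as sanitizeUrl
 };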
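Review bot: In `w` (exported as `sanitizeUrl`), the `p` and `b` guards test `e` while it can still contain C0 control characters, which are only stripped at the very end, in the absolute-URL arm of the `return`. WHATWG URL parsing discards ASCII tab and newline anywhere in its input, so `new URL(e, s)` can resolve a string differently from how the two regexes read it; the scheme allow-list `g` still backstops the blocked schemes, but the `//` guard has no such backstop, and the relative arm hands back `t` with control characters and backslashes untouched. I would strip before any check, `const e = t.replace(/\\/g, "/").replace(/[\x00-\x1F]/g, "");`, and return the string that was actually validated rather than the raw `t`. The removed lines are truncated on this page, so I cannot tell which part of this is new in 0.3.4, and since this is bundled output the change belongs in `src/sanitizeUrl.ts`.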
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"sanitizeUrl.d.ts","sourceRoot":"","sources":["../src/sanitizeUrl.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"sanitizeUrl.d.ts","sourceRoot":"","sources":["../src/sanitizeUrl.ts"],"names":[],"mappings":"AA2CA,wBAAgB,WAAW,CAAC,GAAG,EAAE,MAAM,GAAG,IAAI,GAAG,SAAS,GAAG,MAAM,CAiClE"}
|
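--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
 {
 "name": "@instructure/platform-sanitize",
-"version": "0.3.
+"version": "0.3.4",
 "type": "module",
 "main": "./dist/index.js",
 "module": "./dist/index.js",
@@ -18,11 +18,11 @@
 "access": "public"
 },
 "peerDependencies": {
-"dompurify": "^3.
+"dompurify": "^3.4.0"
 },
 "devDependencies": {
 "@vitest/coverage-v8": "^4.0.17",
-"dompurify": "^3.
+"dompurify": "^3.4.0",
 "jsdom": "^25.0.0",
 "typescript": "^5.3.0",
 "vite": "^6.0.0",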