@instructure/platform-sanitize 0.3.12 → 0.3.13

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
@@ -0,0 +1,2 @@
1
+ export {};
2
+ //# sourceMappingURL=sanitizeHtml.browser.test.d.ts.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"sanitizeHtml.browser.test.d.ts","sourceRoot":"","sources":["../../src/__tests__/sanitizeHtml.browser.test.ts"],"names":[],"mappings":""}
package/dist/index.js CHANGED
@@ -1,5 +1,5 @@
1
1
  import c from "dompurify";
2
- const b = /* @__PURE__ */ new Set([
2
+ const p = /* @__PURE__ */ new Set([
3
3
  // layout
4
4
  "display",
5
5
  "float",
@@ -106,6 +106,13 @@ const b = /* @__PURE__ */ new Set([
106
106
  "border-style",
107
107
  "border-width",
108
108
  "border-radius",
109
+ // Chrome's CSSOM expands border-radius to these four longhands when iterating
110
+ // element.style — the shorthand itself never appears in the iterator, so the
111
+ // hook would strip all four corners unless they are explicitly listed here.
112
+ "border-top-left-radius",
113
+ "border-top-right-radius",
114
+ "border-bottom-right-radius",
115
+ "border-bottom-left-radius",
109
116
  "border-collapse",
110
117
  "border-spacing",
111
118
  "border-top",
@@ -130,6 +137,9 @@ const b = /* @__PURE__ */ new Set([
130
137
  "outline-color",
131
138
  "outline-style",
132
139
  "outline-width",
140
+ // outline-offset is not part of the `outline` shorthand, so it must be listed
141
+ // separately or it is stripped when authored on its own (focus-ring styling).
142
+ "outline-offset",
133
143
  // list
134
144
  "list-style",
135
145
  "list-style-image",
@@ -307,7 +317,7 @@ function k() {
307
317
  const e = t.style, o = [];
308
318
  for (let n = 0; n < e.length; n++) {
309
319
  const a = e.item(n);
310
- b.has(a) || o.push(a);
320
+ p.has(a) || o.push(a);
311
321
  }
312
322
  for (const n of o) e.removeProperty(n);
313
323
  const r = /* @__PURE__ */ new Set([
@@ -348,7 +358,7 @@ function R(t, e) {
348
358
  const o = e != null && e.allowFormAttributeNames ? { ...d, SANITIZE_DOM: !1 } : d;
349
359
  return k().sanitize(t ?? "", o);
350
360
  }
351
- const f = /* @__PURE__ */ new Set(["http:", "https:", "mailto:", "tel:"]), l = "http://platform-sanitize.invalid/", g = /^\s*\/\//, p = (
361
+ const f = /* @__PURE__ */ new Set(["http:", "https:", "mailto:", "tel:"]), l = "http://platform-sanitize.invalid/", b = /^\s*\/\//, g = (
352
362
  // oxlint-disable-next-line no-control-regex -- intentional security guard
353
363
  /^[\u0000-\u0020\u007F-\u00A0\u2000-\u200F\u2028\u2029\u202F\u205F\u2060\u3000\uFEFF]*(?:javascript|data|vbscript|file):/i
354
364
  ), A = {
@@ -386,10 +396,10 @@ function E(t) {
386
396
  function S(t) {
387
397
  if (!t || !t.trim()) return "about:blank";
388
398
  const e = t.replace(/\\/g, "/");
389
- if (g.test(e) || p.test(e)) return "about:blank";
399
+ if (b.test(e) || g.test(e)) return "about:blank";
390
400
  if (/&[#A-Za-z]/.test(e)) {
391
401
  const o = E(e);
392
- if (g.test(o) || p.test(o))
402
+ if (b.test(o) || g.test(o))
393
403
  return "about:blank";
394
404
  try {
395
405
  const r = new URL(o, l);
@@ -1 +1 @@
1
- {"version":3,"file":"sanitizeHtml.d.ts","sourceRoot":"","sources":["../src/sanitizeHtml.ts"],"names":[],"mappings":"AA6aA,wBAAgB,YAAY,CAC1B,IAAI,EAAE,MAAM,GAAG,IAAI,GAAG,SAAS,EAC/B,OAAO,CAAC,EAAE;IAAE,uBAAuB,CAAC,EAAE,OAAO,CAAA;CAAE,GAC9C,MAAM,CASR"}
1
+ {"version":3,"file":"sanitizeHtml.d.ts","sourceRoot":"","sources":["../src/sanitizeHtml.ts"],"names":[],"mappings":"AAubA,wBAAgB,YAAY,CAC1B,IAAI,EAAE,MAAM,GAAG,IAAI,GAAG,SAAS,EAC/B,OAAO,CAAC,EAAE;IAAE,uBAAuB,CAAC,EAAE,OAAO,CAAA;CAAE,GAC9C,MAAM,CASR"}
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@instructure/platform-sanitize",
3
- "version": "0.3.12",
3
+ "version": "0.3.13",
4
4
  "type": "module",
5
5
  "main": "./dist/index.js",
6
6
  "module": "./dist/index.js",
@@ -22,9 +22,12 @@
22
22
  },
23
23
  "devDependencies": {
24
24
  "@types/trusted-types": "^2.0.7",
25
+ "@vitest/browser": "^4.0.17",
26
+ "@vitest/browser-playwright": "^4.0.17",
25
27
  "@vitest/coverage-v8": "^4.0.17",
26
28
  "dompurify": "^3.4.0",
27
29
  "jsdom": "^25.0.0",
30
+ "playwright": "^1.60.0",
28
31
  "typescript": "^5.3.0",
29
32
  "vite": "^6.0.0",
30
33
  "vite-plugin-dts": "^4.0.0",
@@ -34,6 +37,7 @@
34
37
  "build": "vite build",
35
38
  "dev": "vite build --watch",
36
39
  "test": "vitest run",
40
+ "test:browser": "vitest run --config vitest.browser.config.ts",
37
41
  "test:watch": "vitest",
38
42
  "test:coverage": "vitest run --coverage",
39
43
  "type-check": "tsc --noEmit"