@instructure/platform-sanitize 0.3.17 → 0.4.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/index.js +7 -16
- package/dist/sanitizeHtml.d.ts.map +1 -1
- package/package.json +1 -1
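--- a/package/dist/index.js
+++ b/package/dist/index.js
@@ -252,16 +252,7 @@ const m = /* @__PURE__ */ new Set([
 "cite",
 "longdesc",
 "xlink:href"
-]), h = [
-"background",
-"background-image",
-"list-style",
-"list-style-image",
-"cursor",
-// content: url(...) triggers an HTTP GET even on non-pseudo elements in some
-// browsers; strip it as defense-in-depth against tracking-pixel exfiltration.
-"content"
-], y = /url\s*\(\s*['"]?(?:[a-z][a-z0-9+\-.]*:|\/\/)/i, k = /* @__PURE__ */ new Set([
+]), h = ["content"], y = /url\s*\(\s*['"]?(?:[a-z][a-z0-9+\-.]*:|\/\/)/i, A = /* @__PURE__ */ new Set([
 "allow-downloads",
 "allow-forms",
 "allow-modals",
@@ -320,7 +311,7 @@ const m = /* @__PURE__ */ new Set([
 FORCE_BODY: !0
 };
 let a = null;
-function
+function k() {
 return a || (a = typeof d == "function" ? d(window) : d, a.addHook("afterSanitizeAttributes", (r) => {
 if (!(r instanceof Element) || !r.hasAttribute("style")) return;
 const t = r.style, e = [];
@@ -374,7 +365,7 @@ function A() {
 e.add("noopener"), r.setAttribute("rel", [...e].join(" "));
 }), a.addHook("afterSanitizeAttributes", (r) => {
 if (!(r instanceof Element) || r.tagName !== "IFRAME" || !r.hasAttribute("sandbox")) return;
-const e = (r.getAttribute("sandbox") ?? "").toLowerCase().split(/\s+/).filter(Boolean), o = e.filter((l) =>
+const e = (r.getAttribute("sandbox") ?? "").toLowerCase().split(/\s+/).filter(Boolean), o = e.filter((l) => A.has(l));
 o.length !== e.length && r.setAttribute("sandbox", o.join(" "));
 }), a);
 }
@@ -382,9 +373,9 @@ function v(r, t) {
 if (typeof window > "u")
 throw new Error("sanitizeHtml requires a DOM environment (window is not defined)");
 const e = t != null && t.allowFormAttributeNames ? { ...f, SANITIZE_DOM: !1 } : f;
-return
+return k().sanitize(r ?? "", e);
 }
-const p = /* @__PURE__ */ new Set(["http:", "https:", "mailto:", "tel:"]), c = "http://platform-sanitize.invalid/",
+const p = /* @__PURE__ */ new Set(["http:", "https:", "mailto:", "tel:"]), c = "http://platform-sanitize.invalid/", b = /^\s*\/\//, g = (
 // oxlint-disable-next-line no-control-regex -- intentional security guard
 /^[\u0000-\u0020\u007F-\u00A0\u2000-\u200F\u2028\u2029\u202F\u205F\u2060\u3000\uFEFF]*(?:javascript|data|vbscript|file):/i
 ), S = {
@@ -422,10 +413,10 @@ function E(r) {
 function R(r) {
 if (!r || !r.trim()) return "about:blank";
 const t = r.replace(/\\/g, "/");
-if (
+if (b.test(t) || g.test(t)) return "about:blank";
 if (/&[#A-Za-z]/.test(t)) {
 const e = E(t);
-if (
+if (b.test(e) || g.test(e))
 return "about:blank";
 try {
 const o = new URL(e, c);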
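Review bot: The new protocol-relative guard `b = /^\s*\/\//` in the `@@ -382,9 +373,9 @@` hunk tolerates a narrower set of leading characters than the scheme guard `g` declared right after it, so `R` applies the two checks inconsistently: a value like `"\u0001//evil.example"` is not caught by `b.test` (`\s` does not match C0 controls other than tab, newline, vertical tab, form feed and carriage return), yet the WHATWG parser behind `new URL(e, c)` strips leading C0 controls and resolves the remainder as a scheme-relative reference against `c`, and what happens to that parsed URL after the `try` is outside the hunk. I would give `b` the same prefix class `g` already carries for exactly this reason: `b = /^[\s\u0000-\u0020\u007F-\u00A0\u2000-\u200F\u2028\u2029\u202F\u205F\u2060\u3000\uFEFF]*\/\//`. If the narrower `\s*` is deliberate because the backslash normalisation on the line above is the only prefix case that matters, a one-line comment next to `b` saying so would save the next reader from re-deriving it.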
@@ -1 +1 @@
1
-
{"version":3,"file":"sanitizeHtml.d.ts","sourceRoot":"","sources":["../src/sanitizeHtml.ts"],"names":[],"mappings":"
1
+
{"version":3,"file":"sanitizeHtml.d.ts","sourceRoot":"","sources":["../src/sanitizeHtml.ts"],"names":[],"mappings":"AA6dA,wBAAgB,YAAY,CAC1B,IAAI,EAAE,MAAM,GAAG,IAAI,GAAG,SAAS,EAC/B,OAAO,CAAC,EAAE;IAAE,uBAAuB,CAAC,EAAE,OAAO,CAAA;CAAE,GAC9C,MAAM,CASR"}