@malaya_jeeva/rich-text-editor 1.0.8 → 1.0.9
- package/dist/index.js +39 -4
- package/dist/index.mjs +39 -4
- package/package.json +1 -1
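--- a/package/dist/index.js
+++ b/package/dist/index.js
@@ -224,7 +224,42 @@ function getColorAtCursor(editor) {
 }
 return "#000000";
 }
+function sanitizeScriptTags(html) {
+const div = document.createElement("div");
+div.innerHTML = html;
+div.querySelectorAll("script").forEach((script) => script.remove());
+const riskyAttrs = [
+"onabort",
+"onblur",
+"onchange",
+"onclick",
+"ondblclick",
+"onerror",
+"onfocus",
+"onkeydown",
+"onkeypress",
+"onkeyup",
+"onload",
+"onmousedown",
+"onmousemove",
+"onmouseout",
+"onmouseover",
+"onmouseup",
+"onresize",
+"onscroll",
+"onselect",
+"onsubmit",
+"onunload"
+];
+div.querySelectorAll("*").forEach((el) => {
+riskyAttrs.forEach((attr) => {
+if (el.hasAttribute(attr)) el.removeAttribute(attr);
+});
+});
+return div.innerHTML;
+}
 function prettifyHtml(html) {
+const cleanHtml = sanitizeScriptTags(html);
 const INLINE = /* @__PURE__ */ new Set(["a", "b", "i", "u", "em", "strong", "span", "code", "br", "small", "sub", "sup"]);
 let indent = 0;
 const pad = () => " ".repeat(indent);
@@ -1207,8 +1242,8 @@ function RichTextEditor({ value, onChange, toolbar }) {
 else setLinkInfoFP(null);
 const txt = (_b = (_a2 = editorRef.current) == null ? void 0 : _a2.innerText) != null ? _b : "";
 setWords(txt.trim() ? txt.trim().split(/\s+/).length : 0);
-onChange == null ? void 0 : onChange((_d = (_c = editorRef.current) == null ? void 0 : _c.innerHTML) != null ? _d : "");
-}, [onChange, calcFloat, linkBar]);
+onChange == null ? void 0 : onChange(sanitizeScriptTags((_d = (_c = editorRef.current) == null ? void 0 : _c.innerHTML) != null ? _d : ""));
+}, [onChange, calcFloat, linkBar, sanitizeScriptTags]);
 const exec = (0, import_react5.useCallback)((cmd, val = null) => {
 var _a2;
 (_a2 = editorRef.current) == null ? void 0 : _a2.focus();
@@ -1449,7 +1484,7 @@ function RichTextEditor({ value, onChange, toolbar }) {
 setIsCode(true);
 };
 const toVisual = () => {
-if (editorRef.current) editorRef.current.innerHTML = codeVal;
+if (editorRef.current) editorRef.current.innerHTML = sanitizeScriptTags(codeVal);
 setIsCode(false);
 refresh();
 };
@@ -1460,7 +1495,7 @@ function RichTextEditor({ value, onChange, toolbar }) {
 };
 (0, import_react5.useEffect)(() => {
 if (editorRef.current) {
-editorRef.current.innerHTML = value != null ? value : "<p>Start writing here...</p>";
+editorRef.current.innerHTML = sanitizeScriptTags(value != null ? value : "<p>Start writing here...</p>");
 refresh();
 }
 }, []);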
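--- a/package/dist/index.mjs
+++ b/package/dist/index.mjs
@@ -203,7 +203,42 @@ function getColorAtCursor(editor) {
 }
 return "#000000";
 }
+function sanitizeScriptTags(html) {
+const div = document.createElement("div");
+div.innerHTML = html;
+div.querySelectorAll("script").forEach((script) => script.remove());
+const riskyAttrs = [
+"onabort",
+"onblur",
+"onchange",
+"onclick",
+"ondblclick",
+"onerror",
+"onfocus",
+"onkeydown",
+"onkeypress",
+"onkeyup",
+"onload",
+"onmousedown",
+"onmousemove",
+"onmouseout",
+"onmouseover",
+"onmouseup",
+"onresize",
+"onscroll",
+"onselect",
+"onsubmit",
+"onunload"
+];
+div.querySelectorAll("*").forEach((el) => {
+riskyAttrs.forEach((attr) => {
+if (el.hasAttribute(attr)) el.removeAttribute(attr);
+});
+});
+return div.innerHTML;
+}
 function prettifyHtml(html) {
+const cleanHtml = sanitizeScriptTags(html);
 const INLINE = /* @__PURE__ */ new Set(["a", "b", "i", "u", "em", "strong", "span", "code", "br", "small", "sub", "sup"]);
 let indent = 0;
 const pad = () => " ".repeat(indent);
@@ -1186,8 +1221,8 @@ function RichTextEditor({ value, onChange, toolbar }) {
 else setLinkInfoFP(null);
 const txt = (_b = (_a2 = editorRef.current) == null ? void 0 : _a2.innerText) != null ? _b : "";
 setWords(txt.trim() ? txt.trim().split(/\s+/).length : 0);
-onChange == null ? void 0 : onChange((_d = (_c = editorRef.current) == null ? void 0 : _c.innerHTML) != null ? _d : "");
-}, [onChange, calcFloat, linkBar]);
+onChange == null ? void 0 : onChange(sanitizeScriptTags((_d = (_c = editorRef.current) == null ? void 0 : _c.innerHTML) != null ? _d : ""));
+}, [onChange, calcFloat, linkBar, sanitizeScriptTags]);
 const exec = useCallback3((cmd, val = null) => {
 var _a2;
 (_a2 = editorRef.current) == null ? void 0 : _a2.focus();
@@ -1428,7 +1463,7 @@ function RichTextEditor({ value, onChange, toolbar }) {
 setIsCode(true);
 };
 const toVisual = () => {
-if (editorRef.current) editorRef.current.innerHTML = codeVal;
+if (editorRef.current) editorRef.current.innerHTML = sanitizeScriptTags(codeVal);
 setIsCode(false);
 refresh();
 };
@@ -1439,7 +1474,7 @@ function RichTextEditor({ value, onChange, toolbar }) {
 };
 useEffect3(() => {
 if (editorRef.current) {
-editorRef.current.innerHTML = value != null ? value : "<p>Start writing here...</p>";
+editorRef.current.innerHTML = sanitizeScriptTags(value != null ? value : "<p>Start writing here...</p>");
 refresh();
 }
 }, []);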