npm - @marimo-team/islands - Versions diffs - 0.21.1-dev7 → 0.21.1-dev8 - Mend

@marimo-team/islands 0.21.1-dev7 → 0.21.1-dev8

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (5) hide show

package/dist/main.js +27 -27
package/package.json +1 -1
package/src/core/dom/outline.ts +1 -1
package/src/plugins/core/sanitize-html.ts +50 -0
package/src/plugins/core/sanitize.ts +3 -49

package/dist/main.js CHANGED Viewed

@@ -32214,30 +32214,6 @@ ${c.sqlString}
       afterCursorCode: getEditorCodeAsPython(e, v)
     };
   }
-  require_compiler_runtime();
-  const hasRunAnyCellAtom = atom(false);
-  function getInitialAppMode() {
-    let e = store.get(initialModeAtom);
-    return assertExists(e, "internal-error: initial mode not found"), invariant(e !== "present", "internal-error: initial mode cannot be 'present'"), e;
-  }
-  const viewStateAtom = atom({
-    mode: isIslands() ? "read" : "not-set",
-    cellAnchor: null
-  }), initialModeAtom = atom(void 0), kioskModeAtom = atom(false);
-  var sanitizeHtmlAtom = atom((e) => {
-    let r = e(hasRunAnyCellAtom), c = e(autoInstantiateAtom);
-    if (r || c) return false;
-    let d = true;
-    try {
-      d = getInitialAppMode() === "read";
-    } catch {
-      return true;
-    }
-    return !d;
-  });
-  function useSanitizeHtml() {
-    return useAtomValue(sanitizeHtmlAtom);
-  }
   var TEMPORARY_ATTRIBUTE = "data-temp-href-target";
   purify.addHook("beforeSanitizeAttributes", (e) => {
     e.tagName === "A" && (e.hasAttribute("target") || e.setAttribute("target", "_self"), e.hasAttribute("target") && e.setAttribute(TEMPORARY_ATTRIBUTE, e.getAttribute("target") || ""));
@@ -37118,9 +37094,9 @@ ${c.sqlString}
       Logger.debug(`Doc lookup failed for "${e}"`, r2);
     }
   }
-  var import_compiler_runtime$151 = require_compiler_runtime();
+  var import_compiler_runtime$152 = require_compiler_runtime();
   const DocHoverTarget = (e) => {
-    let r = (0, import_compiler_runtime$151.c)(8), { qualifiedName: c, children: d } = e, f;
+    let r = (0, import_compiler_runtime$152.c)(8), { qualifiedName: c, children: d } = e, f;
     r[0] === c ? f = r[1] : (f = () => {
       requestOutputDocumentation(c);
     }, r[0] = c, r[1] = f);
@@ -37133,6 +37109,30 @@ ${c.sqlString}
       children: d
     }), r[4] = d, r[5] = _, r[6] = v, r[7] = y) : y = r[7], y;
   };
+  require_compiler_runtime();
+  const hasRunAnyCellAtom = atom(false);
+  function getInitialAppMode() {
+    let e = store.get(initialModeAtom);
+    return assertExists(e, "internal-error: initial mode not found"), invariant(e !== "present", "internal-error: initial mode cannot be 'present'"), e;
+  }
+  const viewStateAtom = atom({
+    mode: isIslands() ? "read" : "not-set",
+    cellAnchor: null
+  }), initialModeAtom = atom(void 0), kioskModeAtom = atom(false);
+  var sanitizeHtmlAtom = atom((e) => {
+    let r = e(hasRunAnyCellAtom), c = e(autoInstantiateAtom);
+    if (r || c) return false;
+    let d = true;
+    try {
+      d = getInitialAppMode() === "read";
+    } catch {
+      return true;
+    }
+    return !d;
+  });
+  function useSanitizeHtml() {
+    return useAtomValue(sanitizeHtmlAtom);
+  }
   var import_compiler_runtime$150 = require_compiler_runtime(), replaceValidTags = (e) => {
     if (e instanceof import_lib$1.Element && !/^[A-Za-z][\w-]*$/.test(e.name)) return import_react.createElement(import_react.Fragment);
   }, removeWrappingBodyTags = (e, r) => {
@@ -70720,7 +70720,7 @@ Image URL: ${r.imageUrl}`)), contextToXml({
       return Logger.warn("Failed to get version from mount config"), null;
     }
   }
-  const marimoVersionAtom = atom(getVersionFromMountConfig() || "0.21.1-dev7"), showCodeInRunModeAtom = atom(true);
+  const marimoVersionAtom = atom(getVersionFromMountConfig() || "0.21.1-dev8"), showCodeInRunModeAtom = atom(true);
   atom(null);
   var import_compiler_runtime$89 = require_compiler_runtime();
   function useKeydownOnElement(e, r) {

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@marimo-team/islands",
-  "version": "0.21.1-dev7",
+  "version": "0.21.1-dev8",
   "main": "dist/main.js",
   "types": "dist/index.d.ts",
   "type": "module",

package/src/core/dom/outline.ts CHANGED Viewed

@@ -1,6 +1,6 @@
 /* Copyright 2026 Marimo. All rights reserved. */
-import { sanitizeHtml } from "@/plugins/core/sanitize";
+import { sanitizeHtml } from "@/plugins/core/sanitize-html";
 import { invariant } from "@/utils/invariant";
 import { Logger } from "@/utils/Logger";
 import type { Outline, OutlineItem } from "../cells/outline";

package/src/plugins/core/sanitize-html.ts ADDED Viewed

@@ -0,0 +1,50 @@
+/* Copyright 2026 Marimo. All rights reserved. */
+import DOMPurify, { type Config } from "dompurify";
+// preserve target=_blank https://github.com/cure53/DOMPurify/issues/317#issuecomment-912474068
+const TEMPORARY_ATTRIBUTE = "data-temp-href-target";
+DOMPurify.addHook("beforeSanitizeAttributes", (node) => {
+  if (node.tagName === "A") {
+    if (!node.hasAttribute("target")) {
+      node.setAttribute("target", "_self");
+    }
+    if (node.hasAttribute("target")) {
+      node.setAttribute(TEMPORARY_ATTRIBUTE, node.getAttribute("target") || "");
+    }
+  }
+});
+DOMPurify.addHook("afterSanitizeAttributes", (node) => {
+  if (node.tagName === "A" && node.hasAttribute(TEMPORARY_ATTRIBUTE)) {
+    node.setAttribute("target", node.getAttribute(TEMPORARY_ATTRIBUTE) || "");
+    node.removeAttribute(TEMPORARY_ATTRIBUTE);
+    if (node.getAttribute("target") === "_blank") {
+      node.setAttribute("rel", "noopener noreferrer");
+    }
+  }
+});
+/**
+ * This removes script tags, form tags, iframe tags, and other potentially dangerous tags
+ */
+export function sanitizeHtml(html: string) {
+  const sanitizationOptions: Config = {
+    // Default to permit HTML, SVG and MathML, this limits to HTML only
+    USE_PROFILES: { html: true, svg: true, mathMl: true },
+    // Allow SVG <use> elements and their href attributes, which are needed
+    // for SVGs that reference <defs> (e.g., Matplotlib SVG output).
+    ADD_TAGS: ["use"],
+    ADD_ATTR: ["href", "xlink:href"],
+    // glue elements like style, script or others to document.body and prevent unintuitive browser behavior in several edge-cases
+    FORCE_BODY: true,
+    CUSTOM_ELEMENT_HANDLING: {
+      tagNameCheck: /^(marimo-[A-Za-z][\w-]*|iconify-icon)$/,
+      attributeNameCheck: /^[A-Za-z][\w-]*$/,
+    },
+    // This flag means we should sanitize such that is it safe for XML,
+    // but this is only used for HTML content.
+    SAFE_FOR_XML: !html.includes("marimo-mermaid"),
+  };
+  return DOMPurify.sanitize(html, sanitizationOptions);
+}

package/src/plugins/core/sanitize.ts CHANGED Viewed

@@ -1,10 +1,12 @@
 /* Copyright 2026 Marimo. All rights reserved. */
-import DOMPurify, { type Config } from "dompurify";
 import { atom, useAtomValue } from "jotai";
 import { hasRunAnyCellAtom } from "@/components/editor/cell/useRunCells";
 import { autoInstantiateAtom } from "@/core/config/config";
 import { getInitialAppMode } from "@/core/mode";
+// Re-export so existing consumers don't break.
+export { sanitizeHtml } from "./sanitize-html";
 /**
  * Whether to sanitize the html.
  * When running as an app or with auto_instantiate enabled
@@ -42,51 +44,3 @@ const sanitizeHtmlAtom = atom<boolean>((get) => {
 export function useSanitizeHtml() {
   return useAtomValue(sanitizeHtmlAtom);
 }
-// preserve target=_blank https://github.com/cure53/DOMPurify/issues/317#issuecomment-912474068
-const TEMPORARY_ATTRIBUTE = "data-temp-href-target";
-DOMPurify.addHook("beforeSanitizeAttributes", (node) => {
-  if (node.tagName === "A") {
-    if (!node.hasAttribute("target")) {
-      node.setAttribute("target", "_self");
-    }
-    if (node.hasAttribute("target")) {
-      node.setAttribute(TEMPORARY_ATTRIBUTE, node.getAttribute("target") || "");
-    }
-  }
-});
-DOMPurify.addHook("afterSanitizeAttributes", (node) => {
-  if (node.tagName === "A" && node.hasAttribute(TEMPORARY_ATTRIBUTE)) {
-    node.setAttribute("target", node.getAttribute(TEMPORARY_ATTRIBUTE) || "");
-    node.removeAttribute(TEMPORARY_ATTRIBUTE);
-    if (node.getAttribute("target") === "_blank") {
-      node.setAttribute("rel", "noopener noreferrer");
-    }
-  }
-});
-/**
- * This removes script tags, form tags, iframe tags, and other potentially dangerous tags
- */
-export function sanitizeHtml(html: string) {
-  const sanitizationOptions: Config = {
-    // Default to permit HTML, SVG and MathML, this limits to HTML only
-    USE_PROFILES: { html: true, svg: true, mathMl: true },
-    // Allow SVG <use> elements and their href attributes, which are needed
-    // for SVGs that reference <defs> (e.g., Matplotlib SVG output).
-    ADD_TAGS: ["use"],
-    ADD_ATTR: ["href", "xlink:href"],
-    // glue elements like style, script or others to document.body and prevent unintuitive browser behavior in several edge-cases
-    FORCE_BODY: true,
-    CUSTOM_ELEMENT_HANDLING: {
-      tagNameCheck: /^(marimo-[A-Za-z][\w-]*|iconify-icon)$/,
-      attributeNameCheck: /^[A-Za-z][\w-]*$/,
-    },
-    // This flag means we should sanitize such that is it safe for XML,
-    // but this is only used for HTML content.
-    SAFE_FOR_XML: !html.includes("marimo-mermaid"),
-  };
-  return DOMPurify.sanitize(html, sanitizationOptions);
-}