@nerimity/html-embed 1.1.3 → 1.1.4
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/index.d.ts.map +1 -1
- package/dist/index.js +11 -1
- package/package.json +1 -1
- package/src/index.ts +11 -1
package/dist/index.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAkHA,wBAAgB,UAAU,CAAC,IAAI,EAAE,MAAM;;;;;;;;IAEtC"}
|
package/dist/index.js
CHANGED
|
@@ -11,6 +11,7 @@ const allowedAttributes = ["href", "src", "color", "style", "class"];
|
|
|
11
11
|
const allowedCssProperties = [
|
|
12
12
|
"display",
|
|
13
13
|
"position",
|
|
14
|
+
"inset",
|
|
14
15
|
"backgroundColor",
|
|
15
16
|
"backgroundImage",
|
|
16
17
|
"backgroundRepeat",
|
|
@@ -88,7 +89,13 @@ function h(tag, props, ...children) {
|
|
|
88
89
|
const unsafeCssProperty = styles.find(style => {
|
|
89
90
|
if (style === "")
|
|
90
91
|
return false;
|
|
91
|
-
const
|
|
92
|
+
const keyVal = style.split(":");
|
|
93
|
+
const key = keyVal[0].trim();
|
|
94
|
+
const value = keyVal[1].trim();
|
|
95
|
+
console.log(key, value);
|
|
96
|
+
if (key === "position" && value === "fixed") {
|
|
97
|
+
throw new Error(value + " value is not allowed for " + key + "!");
|
|
98
|
+
}
|
|
92
99
|
return !allowedCssProperties.includes(cssNameToJsName(key));
|
|
93
100
|
});
|
|
94
101
|
if (unsafeCssProperty) {
|
|
@@ -117,6 +124,9 @@ function checkCSS(cssVal) {
|
|
|
117
124
|
if (!allowedCssProperties.includes(cssNameToJsName(property))) {
|
|
118
125
|
throw new Error(property + " style is not allowed!");
|
|
119
126
|
}
|
|
127
|
+
if (property === "position" && value === "fixed") {
|
|
128
|
+
throw new Error(value + " value is not allowed for " + property + "!");
|
|
129
|
+
}
|
|
120
130
|
}
|
|
121
131
|
}
|
|
122
132
|
}
|
package/package.json
CHANGED
package/src/index.ts
CHANGED
|
@@ -7,6 +7,7 @@ const allowedAttributes = ["href", "src", "color", "style", "class"]
|
|
|
7
7
|
const allowedCssProperties = [
|
|
8
8
|
"display",
|
|
9
9
|
"position",
|
|
10
|
+
"inset",
|
|
10
11
|
"backgroundColor",
|
|
11
12
|
"backgroundImage",
|
|
12
13
|
"backgroundRepeat",
|
|
@@ -87,7 +88,13 @@ function h(tag: string, props: any, ...children: any[]) {
|
|
|
87
88
|
const styles: string[] = props.style.split(";");
|
|
88
89
|
const unsafeCssProperty = styles.find(style => {
|
|
89
90
|
if (style === "") return false;
|
|
90
|
-
const
|
|
91
|
+
const keyVal = style.split(":")
|
|
92
|
+
const key = keyVal[0].trim()
|
|
93
|
+
const value = keyVal[1].trim()
|
|
94
|
+
console.log(key, value)
|
|
95
|
+
if (key === "position" && value === "fixed") {
|
|
96
|
+
throw new Error(value + " value is not allowed for "+ key + "!")
|
|
97
|
+
}
|
|
91
98
|
return !allowedCssProperties.includes(cssNameToJsName(key))
|
|
92
99
|
})
|
|
93
100
|
if (unsafeCssProperty) {
|
|
@@ -122,6 +129,9 @@ function checkCSS(cssVal: string) {
|
|
|
122
129
|
if (!allowedCssProperties.includes(cssNameToJsName(property))) {
|
|
123
130
|
throw new Error(property + " style is not allowed!")
|
|
124
131
|
}
|
|
132
|
+
if (property === "position" && value === "fixed") {
|
|
133
|
+
throw new Error(value + " value is not allowed for "+ property + "!")
|
|
134
|
+
}
|
|
125
135
|
}
|
|
126
136
|
|
|
127
137
|
}
|