@nerimity/html-embed 1.1.3 → 1.1.5
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/index.d.ts.map +1 -1
- package/dist/index.js +10 -1
- package/package.json +1 -1
- package/src/index.ts +10 -1
package/dist/index.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAiHA,wBAAgB,UAAU,CAAC,IAAI,EAAE,MAAM;;;;;;;;IAEtC"}
|
package/dist/index.js
CHANGED
|
@@ -11,6 +11,7 @@ const allowedAttributes = ["href", "src", "color", "style", "class"];
|
|
|
11
11
|
const allowedCssProperties = [
|
|
12
12
|
"display",
|
|
13
13
|
"position",
|
|
14
|
+
"inset",
|
|
14
15
|
"backgroundColor",
|
|
15
16
|
"backgroundImage",
|
|
16
17
|
"backgroundRepeat",
|
|
@@ -88,7 +89,12 @@ function h(tag, props, ...children) {
|
|
|
88
89
|
const unsafeCssProperty = styles.find(style => {
|
|
89
90
|
if (style === "")
|
|
90
91
|
return false;
|
|
91
|
-
const
|
|
92
|
+
const keyVal = style.split(":");
|
|
93
|
+
const key = keyVal[0].trim();
|
|
94
|
+
const value = keyVal[1].trim();
|
|
95
|
+
if (key === "position" && value === "fixed") {
|
|
96
|
+
throw new Error(value + " value is not allowed for " + key + "!");
|
|
97
|
+
}
|
|
92
98
|
return !allowedCssProperties.includes(cssNameToJsName(key));
|
|
93
99
|
});
|
|
94
100
|
if (unsafeCssProperty) {
|
|
@@ -117,6 +123,9 @@ function checkCSS(cssVal) {
|
|
|
117
123
|
if (!allowedCssProperties.includes(cssNameToJsName(property))) {
|
|
118
124
|
throw new Error(property + " style is not allowed!");
|
|
119
125
|
}
|
|
126
|
+
if (property === "position" && value === "fixed") {
|
|
127
|
+
throw new Error(value + " value is not allowed for " + property + "!");
|
|
128
|
+
}
|
|
120
129
|
}
|
|
121
130
|
}
|
|
122
131
|
}
|
package/package.json
CHANGED
package/src/index.ts
CHANGED
|
@@ -7,6 +7,7 @@ const allowedAttributes = ["href", "src", "color", "style", "class"]
|
|
|
7
7
|
const allowedCssProperties = [
|
|
8
8
|
"display",
|
|
9
9
|
"position",
|
|
10
|
+
"inset",
|
|
10
11
|
"backgroundColor",
|
|
11
12
|
"backgroundImage",
|
|
12
13
|
"backgroundRepeat",
|
|
@@ -87,7 +88,12 @@ function h(tag: string, props: any, ...children: any[]) {
|
|
|
87
88
|
const styles: string[] = props.style.split(";");
|
|
88
89
|
const unsafeCssProperty = styles.find(style => {
|
|
89
90
|
if (style === "") return false;
|
|
90
|
-
const
|
|
91
|
+
const keyVal = style.split(":")
|
|
92
|
+
const key = keyVal[0].trim()
|
|
93
|
+
const value = keyVal[1].trim()
|
|
94
|
+
if (key === "position" && value === "fixed") {
|
|
95
|
+
throw new Error(value + " value is not allowed for "+ key + "!")
|
|
96
|
+
}
|
|
91
97
|
return !allowedCssProperties.includes(cssNameToJsName(key))
|
|
92
98
|
})
|
|
93
99
|
if (unsafeCssProperty) {
|
|
@@ -122,6 +128,9 @@ function checkCSS(cssVal: string) {
|
|
|
122
128
|
if (!allowedCssProperties.includes(cssNameToJsName(property))) {
|
|
123
129
|
throw new Error(property + " style is not allowed!")
|
|
124
130
|
}
|
|
131
|
+
if (property === "position" && value === "fixed") {
|
|
132
|
+
throw new Error(value + " value is not allowed for "+ property + "!")
|
|
133
|
+
}
|
|
125
134
|
}
|
|
126
135
|
|
|
127
136
|
}
|