@oscarpalmer/toretto 0.29.0 → 0.30.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/attribute/index.js +13 -1
- package/dist/{html.js → html/index.js} +5 -5
- package/dist/html/sanitize.js +40 -0
- package/dist/index.js +3 -6
- package/dist/internal/attribute.js +52 -25
- package/dist/toretto.full.js +747 -1007
- package/package.json +12 -12
- package/src/attribute/index.ts +87 -6
- package/src/{html.ts → html/index.ts} +7 -7
- package/src/html/sanitize.ts +83 -0
- package/src/index.ts +7 -2
- package/src/internal/attribute.ts +111 -121
- package/types/attribute/index.d.ts +57 -1
- package/types/{html.d.ts → html/index.d.ts} +2 -2
- package/types/{internal → html}/sanitize.d.ts +1 -1
- package/types/index.d.ts +2 -2
- package/types/internal/attribute.d.ts +4 -55
- package/dist/internal/sanitize.js +0 -24
- package/src/internal/sanitize.ts +0 -40
|
@@ -1,59 +1,8 @@
|
|
|
1
1
|
import type { Attribute, HTMLOrSVGElement, Property } from '../models';
|
|
2
|
-
|
|
3
|
-
|
|
4
|
-
|
|
5
|
-
|
|
6
|
-
*/
|
|
7
|
-
export declare function isBadAttribute(attribute: Attr | Attribute): boolean;
|
|
8
|
-
/**
|
|
9
|
-
* Is the attribute considered bad and potentially harmful?
|
|
10
|
-
* @param name Attribute name
|
|
11
|
-
* @param value Attribute value
|
|
12
|
-
* @returns `true` if attribute is considered bad
|
|
13
|
-
*/
|
|
14
|
-
export declare function isBadAttribute(name: string, value: string): boolean;
|
|
15
|
-
/**
|
|
16
|
-
* Is the attribute a boolean attribute?
|
|
17
|
-
* @param name Attribute to check
|
|
18
|
-
* @returns `true` if attribute is a boolean attribute
|
|
19
|
-
*/
|
|
20
|
-
export declare function isBooleanAttribute(attribute: Attr | Attribute): boolean;
|
|
21
|
-
/**
|
|
22
|
-
* Is the attribute a boolean attribute?
|
|
23
|
-
* @param name Attribute name
|
|
24
|
-
* @returns `true` if attribute is a boolean attribute
|
|
25
|
-
*/
|
|
26
|
-
export declare function isBooleanAttribute(name: string): boolean;
|
|
27
|
-
/**
|
|
28
|
-
* Is the attribute empty and not a boolean attribute?
|
|
29
|
-
* @param attribute Attribute to check
|
|
30
|
-
* @returns `true` if attribute is empty and not a boolean attribute
|
|
31
|
-
*/
|
|
32
|
-
export declare function isEmptyNonBooleanAttribute(attribute: Attr | Attribute): boolean;
|
|
33
|
-
/**
|
|
34
|
-
* Is the attribute empty and not a boolean attribute?
|
|
35
|
-
* @param name Attribute name
|
|
36
|
-
* @param value Attribute value
|
|
37
|
-
* @returns `true` if attribute is empty and not a boolean attribute
|
|
38
|
-
*/
|
|
39
|
-
export declare function isEmptyNonBooleanAttribute(name: string, value: string): boolean;
|
|
40
|
-
/**
|
|
41
|
-
* Is the attribute an invalid boolean attribute?
|
|
42
|
-
*
|
|
43
|
-
* _(I.e., its value is not empty or the same as its name)_
|
|
44
|
-
* @param attribute Attribute to check
|
|
45
|
-
* @returns `true` if attribute is an invalid boolean attribute
|
|
46
|
-
*/
|
|
47
|
-
export declare function isInvalidBooleanAttribute(attribute: Attr | Attribute): boolean;
|
|
48
|
-
/**
|
|
49
|
-
* Is the attribute an invalid boolean attribute?
|
|
50
|
-
*
|
|
51
|
-
* _(I.e., its value is not empty or the same as its name)_
|
|
52
|
-
* @param name Attribute name
|
|
53
|
-
* @param value Attribute value
|
|
54
|
-
* @returns `true` if attribute is an invalid boolean attribute
|
|
55
|
-
*/
|
|
56
|
-
export declare function isInvalidBooleanAttribute(name: string, value: string): boolean;
|
|
2
|
+
export declare function isBadAttribute(first: unknown, second: unknown, decode: boolean): boolean;
|
|
3
|
+
export declare function isBooleanAttribute(first: unknown, decode: boolean): boolean;
|
|
4
|
+
export declare function isEmptyNonBooleanAttribute(first: unknown, second: unknown, decode: boolean): boolean;
|
|
5
|
+
export declare function isInvalidBooleanAttribute(first: unknown, second: unknown, decode: boolean): boolean;
|
|
57
6
|
export declare function isProperty(value: unknown): value is Property;
|
|
58
7
|
export declare function updateValue(element: HTMLOrSVGElement, first: unknown, second: unknown): void;
|
|
59
8
|
export declare function updateValues(element: HTMLOrSVGElement, values: Attribute<unknown>[] | Record<string, unknown>): void;
|
|
@@ -1,24 +0,0 @@
|
|
|
1
|
-
import { isBadAttribute, isEmptyNonBooleanAttribute, isInvalidBooleanAttribute } from "./attribute.js";
|
|
2
|
-
function sanitizeAttributes(element, attributes) {
|
|
3
|
-
const { length } = attributes;
|
|
4
|
-
for (let index = 0; index < length; index += 1) {
|
|
5
|
-
const attribute = attributes[index];
|
|
6
|
-
if (isBadAttribute(attribute) || isEmptyNonBooleanAttribute(attribute)) element.removeAttribute(attribute.name);
|
|
7
|
-
else if (isInvalidBooleanAttribute(attribute)) element.setAttribute(attribute.name, "");
|
|
8
|
-
}
|
|
9
|
-
}
|
|
10
|
-
function sanitizeNodes(nodes) {
|
|
11
|
-
const actual = nodes.filter((node) => node instanceof Node);
|
|
12
|
-
const { length } = nodes;
|
|
13
|
-
for (let index = 0; index < length; index += 1) {
|
|
14
|
-
const node = actual[index];
|
|
15
|
-
if (node instanceof Element) {
|
|
16
|
-
const scripts = node.querySelectorAll("script");
|
|
17
|
-
for (const script of scripts) script.remove();
|
|
18
|
-
sanitizeAttributes(node, [...node.attributes]);
|
|
19
|
-
}
|
|
20
|
-
if (node.hasChildNodes()) sanitizeNodes([...node.childNodes]);
|
|
21
|
-
}
|
|
22
|
-
return nodes;
|
|
23
|
-
}
|
|
24
|
-
export { sanitizeAttributes, sanitizeNodes };
|
package/src/internal/sanitize.ts
DELETED
|
@@ -1,40 +0,0 @@
|
|
|
1
|
-
import {isBadAttribute, isEmptyNonBooleanAttribute, isInvalidBooleanAttribute} from './attribute';
|
|
2
|
-
|
|
3
|
-
export function sanitizeAttributes(element: Element, attributes: Attr[]): void {
|
|
4
|
-
const {length} = attributes;
|
|
5
|
-
|
|
6
|
-
for (let index = 0; index < length; index += 1) {
|
|
7
|
-
const attribute = attributes[index];
|
|
8
|
-
|
|
9
|
-
if (isBadAttribute(attribute) || isEmptyNonBooleanAttribute(attribute)) {
|
|
10
|
-
element.removeAttribute(attribute.name);
|
|
11
|
-
} else if (isInvalidBooleanAttribute(attribute)) {
|
|
12
|
-
element.setAttribute(attribute.name, '');
|
|
13
|
-
}
|
|
14
|
-
}
|
|
15
|
-
}
|
|
16
|
-
|
|
17
|
-
export function sanitizeNodes(nodes: Node[]): Node[] {
|
|
18
|
-
const actual = nodes.filter(node => node instanceof Node);
|
|
19
|
-
const {length} = nodes;
|
|
20
|
-
|
|
21
|
-
for (let index = 0; index < length; index += 1) {
|
|
22
|
-
const node = actual[index];
|
|
23
|
-
|
|
24
|
-
if (node instanceof Element) {
|
|
25
|
-
const scripts = node.querySelectorAll('script');
|
|
26
|
-
|
|
27
|
-
for (const script of scripts) {
|
|
28
|
-
script.remove();
|
|
29
|
-
}
|
|
30
|
-
|
|
31
|
-
sanitizeAttributes(node, [...node.attributes]);
|
|
32
|
-
}
|
|
33
|
-
|
|
34
|
-
if (node.hasChildNodes()) {
|
|
35
|
-
sanitizeNodes([...node.childNodes]);
|
|
36
|
-
}
|
|
37
|
-
}
|
|
38
|
-
|
|
39
|
-
return nodes;
|
|
40
|
-
}
|