@rails/actiontext 8.0.100 → 8.0.200

@@ -1,5 +1,5 @@
1
1
  /*
2
- Trix 2.1.10
2
+ Trix 2.1.12
3
3
  Copyright © 2024 37signals, LLC
4
4
  */
5
5
  (function (global, factory) {
@@ -9,7 +9,7 @@ Copyright © 2024 37signals, LLC
9
9
  })(this, (function () { 'use strict';
10
10
 
11
11
  var name = "trix";
12
- var version = "2.1.10";
12
+ var version = "2.1.12";
13
13
  var description = "A rich text editor for everyday writing";
14
14
  var main = "dist/trix.umd.min.js";
15
15
  var module = "dist/trix.esm.min.js";
@@ -44,6 +44,7 @@ Copyright © 2024 37signals, LLC
44
44
  "@rollup/plugin-node-resolve": "^13.3.0",
45
45
  "@web/dev-server": "^0.1.34",
46
46
  "babel-eslint": "^10.1.0",
47
+ chokidar: "^4.0.2",
47
48
  concurrently: "^7.4.0",
48
49
  eslint: "^7.32.0",
49
50
  esm: "^3.2.25",
@@ -51,12 +52,12 @@ Copyright © 2024 37signals, LLC
51
52
  "karma-chrome-launcher": "3.2.0",
52
53
  "karma-qunit": "^4.1.2",
53
54
  "karma-sauce-launcher": "^4.3.6",
54
- "node-sass": "^7.0.1",
55
55
  qunit: "2.19.1",
56
56
  rangy: "^1.3.0",
57
57
  rollup: "^2.56.3",
58
58
  "rollup-plugin-includepaths": "^0.2.4",
59
59
  "rollup-plugin-terser": "^7.0.2",
60
+ sass: "^1.83.0",
60
61
  svgo: "^2.8.0",
61
62
  webdriverio: "^7.19.5"
62
63
  };
@@ -64,7 +65,7 @@ Copyright © 2024 37signals, LLC
64
65
  webdriverio: "^7.19.5"
65
66
  };
66
67
  var scripts = {
67
- "build-css": "node-sass --functions=./assets/trix/stylesheets/functions assets/trix.scss dist/trix.css",
68
+ "build-css": "bin/sass-build assets/trix.scss dist/trix.css",
68
69
  "build-js": "rollup -c",
69
70
  "build-assets": "cp -f assets/*.html dist/",
70
71
  build: "yarn run build-js && yarn run build-css && yarn run build-assets",
@@ -209,6 +210,12 @@ Copyright © 2024 37signals, LLC
209
210
  attachmentGallery: "attachment-gallery"
210
211
  };
211
212
 
213
+ var dompurify = {
214
+ ADD_ATTR: ["language"],
215
+ SAFE_FOR_XML: false,
216
+ RETURN_DOM: true
217
+ };
218
+
212
219
  var lang$1 = {
213
220
  attachFiles: "Attach Files",
214
221
  bold: "Bold",
@@ -631,7 +638,7 @@ Copyright © 2024 37signals, LLC
631
638
 
632
639
  var toolbar = {
633
640
  getDefaultHTML() {
634
- return "<div class=\"trix-button-row\">\n <span class=\"trix-button-group trix-button-group--text-tools\" data-trix-button-group=\"text-tools\">\n <button type=\"button\" class=\"trix-button trix-button--icon trix-button--icon-bold\" data-trix-attribute=\"bold\" data-trix-key=\"b\" title=\"".concat(lang$1.bold, "\" tabindex=\"-1\">").concat(lang$1.bold, "</button>\n <button type=\"button\" class=\"trix-button trix-button--icon trix-button--icon-italic\" data-trix-attribute=\"italic\" data-trix-key=\"i\" title=\"").concat(lang$1.italic, "\" tabindex=\"-1\">").concat(lang$1.italic, "</button>\n <button type=\"button\" class=\"trix-button trix-button--icon trix-button--icon-strike\" data-trix-attribute=\"strike\" title=\"").concat(lang$1.strike, "\" tabindex=\"-1\">").concat(lang$1.strike, "</button>\n <button type=\"button\" class=\"trix-button trix-button--icon trix-button--icon-link\" data-trix-attribute=\"href\" data-trix-action=\"link\" data-trix-key=\"k\" title=\"").concat(lang$1.link, "\" tabindex=\"-1\">").concat(lang$1.link, "</button>\n </span>\n\n <span class=\"trix-button-group trix-button-group--block-tools\" data-trix-button-group=\"block-tools\">\n <button type=\"button\" class=\"trix-button trix-button--icon trix-button--icon-heading-1\" data-trix-attribute=\"heading1\" title=\"").concat(lang$1.heading1, "\" tabindex=\"-1\">").concat(lang$1.heading1, "</button>\n <button type=\"button\" class=\"trix-button trix-button--icon trix-button--icon-quote\" data-trix-attribute=\"quote\" title=\"").concat(lang$1.quote, "\" tabindex=\"-1\">").concat(lang$1.quote, "</button>\n <button type=\"button\" class=\"trix-button trix-button--icon trix-button--icon-code\" data-trix-attribute=\"code\" title=\"").concat(lang$1.code, "\" tabindex=\"-1\">").concat(lang$1.code, "</button>\n <button type=\"button\" class=\"trix-button trix-button--icon trix-button--icon-bullet-list\" data-trix-attribute=\"bullet\" title=\"").concat(lang$1.bullets, "\" 
tabindex=\"-1\">").concat(lang$1.bullets, "</button>\n <button type=\"button\" class=\"trix-button trix-button--icon trix-button--icon-number-list\" data-trix-attribute=\"number\" title=\"").concat(lang$1.numbers, "\" tabindex=\"-1\">").concat(lang$1.numbers, "</button>\n <button type=\"button\" class=\"trix-button trix-button--icon trix-button--icon-decrease-nesting-level\" data-trix-action=\"decreaseNestingLevel\" title=\"").concat(lang$1.outdent, "\" tabindex=\"-1\">").concat(lang$1.outdent, "</button>\n <button type=\"button\" class=\"trix-button trix-button--icon trix-button--icon-increase-nesting-level\" data-trix-action=\"increaseNestingLevel\" title=\"").concat(lang$1.indent, "\" tabindex=\"-1\">").concat(lang$1.indent, "</button>\n </span>\n\n <span class=\"trix-button-group trix-button-group--file-tools\" data-trix-button-group=\"file-tools\">\n <button type=\"button\" class=\"trix-button trix-button--icon trix-button--icon-attach\" data-trix-action=\"attachFiles\" title=\"").concat(lang$1.attachFiles, "\" tabindex=\"-1\">").concat(lang$1.attachFiles, "</button>\n </span>\n\n <span class=\"trix-button-group-spacer\"></span>\n\n <span class=\"trix-button-group trix-button-group--history-tools\" data-trix-button-group=\"history-tools\">\n <button type=\"button\" class=\"trix-button trix-button--icon trix-button--icon-undo\" data-trix-action=\"undo\" data-trix-key=\"z\" title=\"").concat(lang$1.undo, "\" tabindex=\"-1\">").concat(lang$1.undo, "</button>\n <button type=\"button\" class=\"trix-button trix-button--icon trix-button--icon-redo\" data-trix-action=\"redo\" data-trix-key=\"shift+z\" title=\"").concat(lang$1.redo, "\" tabindex=\"-1\">").concat(lang$1.redo, "</button>\n </span>\n </div>\n\n <div class=\"trix-dialogs\" data-trix-dialogs>\n <div class=\"trix-dialog trix-dialog--link\" data-trix-dialog=\"href\" data-trix-dialog-attribute=\"href\">\n <div class=\"trix-dialog__link-fields\">\n <input type=\"url\" name=\"href\" class=\"trix-input 
trix-input--dialog\" placeholder=\"").concat(lang$1.urlPlaceholder, "\" aria-label=\"").concat(lang$1.url, "\" required data-trix-input>\n <div class=\"trix-button-group\">\n <input type=\"button\" class=\"trix-button trix-button--dialog\" value=\"").concat(lang$1.link, "\" data-trix-method=\"setAttribute\">\n <input type=\"button\" class=\"trix-button trix-button--dialog\" value=\"").concat(lang$1.unlink, "\" data-trix-method=\"removeAttribute\">\n </div>\n </div>\n </div>\n </div>");
641
+ return "<div class=\"trix-button-row\">\n <span class=\"trix-button-group trix-button-group--text-tools\" data-trix-button-group=\"text-tools\">\n <button type=\"button\" class=\"trix-button trix-button--icon trix-button--icon-bold\" data-trix-attribute=\"bold\" data-trix-key=\"b\" title=\"".concat(lang$1.bold, "\" tabindex=\"-1\">").concat(lang$1.bold, "</button>\n <button type=\"button\" class=\"trix-button trix-button--icon trix-button--icon-italic\" data-trix-attribute=\"italic\" data-trix-key=\"i\" title=\"").concat(lang$1.italic, "\" tabindex=\"-1\">").concat(lang$1.italic, "</button>\n <button type=\"button\" class=\"trix-button trix-button--icon trix-button--icon-strike\" data-trix-attribute=\"strike\" title=\"").concat(lang$1.strike, "\" tabindex=\"-1\">").concat(lang$1.strike, "</button>\n <button type=\"button\" class=\"trix-button trix-button--icon trix-button--icon-link\" data-trix-attribute=\"href\" data-trix-action=\"link\" data-trix-key=\"k\" title=\"").concat(lang$1.link, "\" tabindex=\"-1\">").concat(lang$1.link, "</button>\n </span>\n\n <span class=\"trix-button-group trix-button-group--block-tools\" data-trix-button-group=\"block-tools\">\n <button type=\"button\" class=\"trix-button trix-button--icon trix-button--icon-heading-1\" data-trix-attribute=\"heading1\" title=\"").concat(lang$1.heading1, "\" tabindex=\"-1\">").concat(lang$1.heading1, "</button>\n <button type=\"button\" class=\"trix-button trix-button--icon trix-button--icon-quote\" data-trix-attribute=\"quote\" title=\"").concat(lang$1.quote, "\" tabindex=\"-1\">").concat(lang$1.quote, "</button>\n <button type=\"button\" class=\"trix-button trix-button--icon trix-button--icon-code\" data-trix-attribute=\"code\" title=\"").concat(lang$1.code, "\" tabindex=\"-1\">").concat(lang$1.code, "</button>\n <button type=\"button\" class=\"trix-button trix-button--icon trix-button--icon-bullet-list\" data-trix-attribute=\"bullet\" title=\"").concat(lang$1.bullets, "\" 
tabindex=\"-1\">").concat(lang$1.bullets, "</button>\n <button type=\"button\" class=\"trix-button trix-button--icon trix-button--icon-number-list\" data-trix-attribute=\"number\" title=\"").concat(lang$1.numbers, "\" tabindex=\"-1\">").concat(lang$1.numbers, "</button>\n <button type=\"button\" class=\"trix-button trix-button--icon trix-button--icon-decrease-nesting-level\" data-trix-action=\"decreaseNestingLevel\" title=\"").concat(lang$1.outdent, "\" tabindex=\"-1\">").concat(lang$1.outdent, "</button>\n <button type=\"button\" class=\"trix-button trix-button--icon trix-button--icon-increase-nesting-level\" data-trix-action=\"increaseNestingLevel\" title=\"").concat(lang$1.indent, "\" tabindex=\"-1\">").concat(lang$1.indent, "</button>\n </span>\n\n <span class=\"trix-button-group trix-button-group--file-tools\" data-trix-button-group=\"file-tools\">\n <button type=\"button\" class=\"trix-button trix-button--icon trix-button--icon-attach\" data-trix-action=\"attachFiles\" title=\"").concat(lang$1.attachFiles, "\" tabindex=\"-1\">").concat(lang$1.attachFiles, "</button>\n </span>\n\n <span class=\"trix-button-group-spacer\"></span>\n\n <span class=\"trix-button-group trix-button-group--history-tools\" data-trix-button-group=\"history-tools\">\n <button type=\"button\" class=\"trix-button trix-button--icon trix-button--icon-undo\" data-trix-action=\"undo\" data-trix-key=\"z\" title=\"").concat(lang$1.undo, "\" tabindex=\"-1\">").concat(lang$1.undo, "</button>\n <button type=\"button\" class=\"trix-button trix-button--icon trix-button--icon-redo\" data-trix-action=\"redo\" data-trix-key=\"shift+z\" title=\"").concat(lang$1.redo, "\" tabindex=\"-1\">").concat(lang$1.redo, "</button>\n </span>\n </div>\n\n <div class=\"trix-dialogs\" data-trix-dialogs>\n <div class=\"trix-dialog trix-dialog--link\" data-trix-dialog=\"href\" data-trix-dialog-attribute=\"href\">\n <div class=\"trix-dialog__link-fields\">\n <input type=\"url\" name=\"href\" class=\"trix-input 
trix-input--dialog\" placeholder=\"").concat(lang$1.urlPlaceholder, "\" aria-label=\"").concat(lang$1.url, "\" data-trix-validate-href required data-trix-input>\n <div class=\"trix-button-group\">\n <input type=\"button\" class=\"trix-button trix-button--dialog\" value=\"").concat(lang$1.link, "\" data-trix-method=\"setAttribute\">\n <input type=\"button\" class=\"trix-button trix-button--dialog\" value=\"").concat(lang$1.unlink, "\" data-trix-method=\"removeAttribute\">\n </div>\n </div>\n </div>\n </div>");
635
642
  }
636
643
  };
637
644
 
@@ -645,6 +652,7 @@ Copyright © 2024 37signals, LLC
645
652
  blockAttributes: attributes,
646
653
  browser: browser$1,
647
654
  css: css$3,
655
+ dompurify: dompurify,
648
656
  fileSize: file_size_formatting,
649
657
  input: input,
650
658
  keyNames: key_names,
@@ -3064,6 +3072,12 @@ $\
3064
3072
  }
3065
3073
  var purify = createDOMPurify();
3066
3074
 
3075
+ purify.addHook("uponSanitizeAttribute", function (node, data) {
3076
+ const allowedAttributePattern = /^data-trix-/;
3077
+ if (allowedAttributePattern.test(data.attrName)) {
3078
+ data.forceKeepAttr = true;
3079
+ }
3080
+ });
3067
3081
  const DEFAULT_ALLOWED_ATTRIBUTES = "style href src width height language class".split(" ");
3068
3082
  const DEFAULT_FORBIDDEN_PROTOCOLS = "javascript:".split(" ");
3069
3083
  const DEFAULT_FORBIDDEN_ELEMENTS = "script iframe form noscript".split(" ");
@@ -3093,10 +3107,9 @@ $\
3093
3107
  sanitize() {
3094
3108
  this.sanitizeElements();
3095
3109
  this.normalizeListElementNesting();
3096
- return purify.sanitize(this.body, {
3097
- ADD_ATTR: ["language"],
3098
- RETURN_DOM: true
3099
- });
3110
+ purify.setConfig(dompurify);
3111
+ this.body = purify.sanitize(this.body);
3112
+ return this.body;
3100
3113
  }
3101
3114
  getHTML() {
3102
3115
  return this.body.innerHTML;
@@ -12626,16 +12639,26 @@ $\
12626
12639
  return (_this$delegate6 = this.delegate) === null || _this$delegate6 === void 0 ? void 0 : _this$delegate6.toolbarDidShowDialog(dialogName);
12627
12640
  }
12628
12641
  setAttribute(dialogElement) {
12642
+ var _this$delegate7;
12629
12643
  const attributeName = getAttributeName(dialogElement);
12630
12644
  const input = getInputForDialog(dialogElement, attributeName);
12631
- if (input.willValidate && !input.checkValidity()) {
12632
- input.setAttribute("data-trix-validate", "");
12633
- input.classList.add("trix-validate");
12634
- return input.focus();
12645
+ if (input.willValidate) {
12646
+ input.setCustomValidity("");
12647
+ if (!input.checkValidity() || !this.isSafeAttribute(input)) {
12648
+ input.setCustomValidity("Invalid value");
12649
+ input.setAttribute("data-trix-validate", "");
12650
+ input.classList.add("trix-validate");
12651
+ return input.focus();
12652
+ }
12653
+ }
12654
+ (_this$delegate7 = this.delegate) === null || _this$delegate7 === void 0 || _this$delegate7.toolbarDidUpdateAttribute(attributeName, input.value);
12655
+ return this.hideDialog();
12656
+ }
12657
+ isSafeAttribute(input) {
12658
+ if (input.hasAttribute("data-trix-validate-href")) {
12659
+ return purify.isValidAttribute("a", "href", input.value);
12635
12660
  } else {
12636
- var _this$delegate7;
12637
- (_this$delegate7 = this.delegate) === null || _this$delegate7 === void 0 || _this$delegate7.toolbarDidUpdateAttribute(attributeName, input.value);
12638
- return this.hideDialog();
12661
+ return true;
12639
12662
  }
12640
12663
  }
12641
12664
  removeAttribute(dialogElement) {
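Review bot: The new href safety check in `setAttribute` fails open: `this.isSafeAttribute(input)` is only reached inside `if (input.willValidate)`, and `isSafeAttribute` returns `true` for any input that lacks the `data-trix-validate-href` marker. The default toolbar template in this diff adds that marker, but an application that supplies its own toolbar markup, or an input excluded from constraint validation, would pass `input.value` unchecked to `toolbarDidUpdateAttribute`; whether a later layer rejects such a value is not visible in this diff. Consider running the check outside the `willValidate` guard and keying it on the attribute being set rather than on opt-in markup, e.g. `if (attributeName === "href" && !purify.isValidAttribute("a", "href", input.value))`. A short comment on `isSafeAttribute` stating that custom toolbars must carry `data-trix-validate-href` to get the check would also help.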
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@rails/actiontext",
3
- "version": "8.0.100",
3
+ "version": "8.0.200",
4
4
  "description": "Edit and display rich text in Rails applications",
5
5
  "module": "app/assets/javascripts/actiontext.esm.js",
6
6
  "main": "app/assets/javascripts/actiontext.js",