@sankyu/react-circle-flags 1.4.0 → 1.4.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (4) hide show
  1. package/README.md +4 -4
  2. package/dist/index.cjs +26 -3
  3. package/dist/index.mjs +26 -3
  4. package/package.json +4 -4
package/README.md CHANGED
@@ -12,22 +12,22 @@
12
12
 
13
13
  [![TypeScript Supported](https://img.shields.io/badge/TypeScript-Supported-blue?style=flat-square&logo=typescript)](https://www.typescriptlang.org/) [![React Ready](https://img.shields.io/badge/React-%3E%3D16.0.0-61dafb?style=flat-square&logo=react)](https://reactjs.org/) [![MIT License](https://img.shields.io/badge/License-MIT-green?style=flat-square&logo=opensourceinitiative)](./LICENSE)
14
14
 
15
+ ---
16
+
15
17
  :star: **Star us on [GitHub](https://github.com/Sankyu-Lab/react-circle-flags)** | :bug: **Report Issues [here](https://github.com/Sankyu-Lab/react-circle-flags/issues)**
16
18
 
19
+ :rocket: **Explore the [Demo Gallery](https://sankyu-lab.github.io/react-circle-flags/browse)** | :book: **Read the [Documentation](https://sankyu-lab.github.io/react-circle-flags/docs/guides/getting-started/)**
20
+
17
21
  </div>
18
22
 
19
23
  ---
20
24
 
21
- Welcome to `@sankyu/react-circle-flags`, a modern React library for circular flag components.
22
-
23
25
  ## 📖 Overview
24
26
 
25
27
  This library provides **400+ circular SVG flag components** with **Full-TypeScript support** & **Tree-shaking Optimization**.
26
28
 
27
29
  Perfect for applications that need fast, crisp country flags without external image requests.
28
30
 
29
- :rocket: **Explore the [Demo Gallery](https://sankyu-lab.github.io/react-circle-flags/browse)** | :book: **Read the [Documentation](https://sankyu-lab.github.io/react-circle-flags/docs/guides/getting-started/)**
30
-
31
31
  ---
32
32
 
33
33
  ## ✨ Key Features
package/dist/index.cjs CHANGED
@@ -13045,7 +13045,7 @@ var FLAG_REGISTRY = {
13045
13045
 
13046
13046
  // package.json
13047
13047
  var package_default = {
13048
- version: "1.4.0"};
13048
+ version: "1.4.2"};
13049
13049
 
13050
13050
  // src/meta.ts
13051
13051
  var parseBuiltAt = (source) => {
@@ -13054,7 +13054,7 @@ var parseBuiltAt = (source) => {
13054
13054
  };
13055
13055
  var commit = "dev" ;
13056
13056
  var builtAt = parseBuiltAt(
13057
- "1767524281241"
13057
+ "1767709251902"
13058
13058
  );
13059
13059
  var buildMeta = {
13060
13060
  version: package_default.version,
@@ -13068,6 +13068,28 @@ function codeToEmoji(code) {
13068
13068
  const aCode = "A".charCodeAt(0);
13069
13069
  return [...upperCode].map((char) => String.fromCodePoint(base + char.charCodeAt(0) - aCode)).join("");
13070
13070
  }
13071
+ function sanitizeSvg(raw) {
13072
+ if (typeof DOMParser === "undefined") return raw;
13073
+ const parser = new DOMParser();
13074
+ const doc = parser.parseFromString(raw, "image/svg+xml");
13075
+ const svg = doc.documentElement;
13076
+ if (!svg || doc.querySelector("parsererror")) return raw;
13077
+ svg.querySelectorAll("script,foreignObject").forEach((el) => el.remove());
13078
+ svg.querySelectorAll("*").forEach((el) => {
13079
+ Array.from(el.attributes).forEach((attr) => {
13080
+ const name = attr.name.toLowerCase();
13081
+ const value = attr.value.trim().toLowerCase();
13082
+ if (name.startsWith("on")) {
13083
+ el.removeAttribute(attr.name);
13084
+ return;
13085
+ }
13086
+ if ((name === "href" || name === "xlink:href") && value.startsWith("javascript:")) {
13087
+ el.removeAttribute(attr.name);
13088
+ }
13089
+ });
13090
+ });
13091
+ return svg.outerHTML;
13092
+ }
13071
13093
  var DEFAULT_CDN_ENDPOINT = "https://hatscripts.github.io/circle-flags/flags/";
13072
13094
  var FlagSizes = {
13073
13095
  xs: 16,
@@ -13138,7 +13160,8 @@ var CircleFlag = ({
13138
13160
  throw new Error(`Failed to load flag: ${response.statusText}`);
13139
13161
  }
13140
13162
  const svg = await response.text();
13141
- setSvgContent(svg);
13163
+ const sanitizedSvg = sanitizeSvg(svg);
13164
+ setSvgContent(sanitizedSvg);
13142
13165
  setError(false);
13143
13166
  } catch (err) {
13144
13167
  console.warn(`Failed to load flag for country code: ${finalCountryCode}`, err);
package/dist/index.mjs CHANGED
@@ -13043,7 +13043,7 @@ var FLAG_REGISTRY = {
13043
13043
 
13044
13044
  // package.json
13045
13045
  var package_default = {
13046
- version: "1.4.0"};
13046
+ version: "1.4.2"};
13047
13047
 
13048
13048
  // src/meta.ts
13049
13049
  var parseBuiltAt = (source) => {
@@ -13052,7 +13052,7 @@ var parseBuiltAt = (source) => {
13052
13052
  };
13053
13053
  var commit = "dev" ;
13054
13054
  var builtAt = parseBuiltAt(
13055
- "1767524281241"
13055
+ "1767709251902"
13056
13056
  );
13057
13057
  var buildMeta = {
13058
13058
  version: package_default.version,
@@ -13066,6 +13066,28 @@ function codeToEmoji(code) {
13066
13066
  const aCode = "A".charCodeAt(0);
13067
13067
  return [...upperCode].map((char) => String.fromCodePoint(base + char.charCodeAt(0) - aCode)).join("");
13068
13068
  }
13069
+ function sanitizeSvg(raw) {
13070
+ if (typeof DOMParser === "undefined") return raw;
13071
+ const parser = new DOMParser();
13072
+ const doc = parser.parseFromString(raw, "image/svg+xml");
13073
+ const svg = doc.documentElement;
13074
+ if (!svg || doc.querySelector("parsererror")) return raw;
13075
+ svg.querySelectorAll("script,foreignObject").forEach((el) => el.remove());
13076
+ svg.querySelectorAll("*").forEach((el) => {
13077
+ Array.from(el.attributes).forEach((attr) => {
13078
+ const name = attr.name.toLowerCase();
13079
+ const value = attr.value.trim().toLowerCase();
13080
+ if (name.startsWith("on")) {
13081
+ el.removeAttribute(attr.name);
13082
+ return;
13083
+ }
13084
+ if ((name === "href" || name === "xlink:href") && value.startsWith("javascript:")) {
13085
+ el.removeAttribute(attr.name);
13086
+ }
13087
+ });
13088
+ });
13089
+ return svg.outerHTML;
13090
+ }
13069
13091
  var DEFAULT_CDN_ENDPOINT = "https://hatscripts.github.io/circle-flags/flags/";
13070
13092
  var FlagSizes = {
13071
13093
  xs: 16,
@@ -13136,7 +13158,8 @@ var CircleFlag = ({
13136
13158
  throw new Error(`Failed to load flag: ${response.statusText}`);
13137
13159
  }
13138
13160
  const svg = await response.text();
13139
- setSvgContent(svg);
13161
+ const sanitizedSvg = sanitizeSvg(svg);
13162
+ setSvgContent(sanitizedSvg);
13140
13163
  setError(false);
13141
13164
  } catch (err) {
13142
13165
  console.warn(`Failed to load flag for country code: ${finalCountryCode}`, err);
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@sankyu/react-circle-flags",
3
- "version": "1.4.0",
3
+ "version": "1.4.2",
4
4
  "description": "📦 400+ circular SVG React flags — tree-shakeable, TypeScript-ready, SSR-compatible, zero deps.",
5
5
  "type": "module",
6
6
  "main": "./dist/index.cjs",
@@ -91,7 +91,7 @@
91
91
  "@testing-library/jest-dom": "^6.9.1",
92
92
  "@testing-library/react": "^14.3.1",
93
93
  "@types/jest": "^30.0.0",
94
- "@types/node": "^22.19.3",
94
+ "@types/node": "^25.0.3",
95
95
  "@types/react": "^18.3.27",
96
96
  "@typescript-eslint/eslint-plugin": "^8.51.0",
97
97
  "@typescript-eslint/parser": "^8.51.0",
@@ -99,8 +99,8 @@
99
99
  "eslint-config-prettier": "^10.1.8",
100
100
  "eslint-plugin-prettier": "^5.5.4",
101
101
  "eslint-plugin-react": "^7.37.5",
102
- "eslint-plugin-react-hooks": "^5.2.0",
103
- "globals": "^16.5.0",
102
+ "eslint-plugin-react-hooks": "^7.0.1",
103
+ "globals": "^17.0.0",
104
104
  "husky": "^9.1.7",
105
105
  "jest": "^30.2.0",
106
106
  "jest-environment-jsdom": "^30.2.0",