@syncfusion/ej2-base 23.1.36 → 23.1.40
- package/CHANGELOG.md +16 -0
- package/{README.md → ReadMe.md} +1 -1
- package/bin/syncfusion-license.js +1 -1
- package/dist/ej2-base.min.js +1 -10
- package/dist/ej2-base.umd.min.js +1 -10
- package/dist/ej2-base.umd.min.js.map +1 -1
- package/dist/es6/ej2-base.es2015.js +43 -2
- package/dist/es6/ej2-base.es2015.js.map +1 -1
- package/dist/es6/ej2-base.es5.js +43 -2
- package/dist/es6/ej2-base.es5.js.map +1 -1
- package/dist/global/ej2-base.min.js +1 -10
- package/dist/global/ej2-base.min.js.map +1 -1
- package/dist/global/index.d.ts +0 -9
- package/package.json +182 -224
- package/src/sanitize-helper.d.ts +1 -0
- package/src/sanitize-helper.js +43 -2
- package/styles/_material-dark-definition.scss +1 -1
- package/styles/material-dark.css +1 -1
- package/styles/offline-theme/material-dark.css +1 -1
|
@@ -9860,13 +9860,54 @@ class SanitizeHtmlHelper {
|
|
|
9860
9860
|
this.removeAttrs = item.selectors.attributes;
|
|
9861
9861
|
this.removeTags = item.selectors.tags;
|
|
9862
9862
|
this.wrapElement = document.createElement('div');
|
|
9863
|
-
this.wrapElement.innerHTML = value;
|
|
9863
|
+
this.wrapElement.innerHTML = this.sanitizeQuotes(value);
|
|
9864
9864
|
this.removeXssTags();
|
|
9865
9865
|
this.removeJsEvents();
|
|
9866
9866
|
this.removeXssAttrs();
|
|
9867
9867
|
const tempEleValue = this.wrapElement.innerHTML;
|
|
9868
9868
|
this.removeElement();
|
|
9869
|
-
return tempEleValue.replace(
|
|
9869
|
+
return tempEleValue.replace(/&/g, '&');
|
|
9870
|
+
}
|
|
9871
|
+
static sanitizeQuotes(input) {
|
|
9872
|
+
const sanityChars = [96, 39, 34];
|
|
9873
|
+
const escape = 92;
|
|
9874
|
+
let sanitizedValue = '';
|
|
9875
|
+
const quoteCounts = {
|
|
9876
|
+
96: 0,
|
|
9877
|
+
39: 0,
|
|
9878
|
+
34: 0
|
|
9879
|
+
};
|
|
9880
|
+
let isPreviousCharBackslash = false;
|
|
9881
|
+
for (let i = 0; i < input.length; i++) {
|
|
9882
|
+
const currentChar = input.charCodeAt(i);
|
|
9883
|
+
if (sanityChars.indexOf(currentChar) !== -1 && !isPreviousCharBackslash) {
|
|
9884
|
+
quoteCounts[currentChar + '']++;
|
|
9885
|
+
}
|
|
9886
|
+
isPreviousCharBackslash = currentChar === escape;
|
|
9887
|
+
}
|
|
9888
|
+
try {
|
|
9889
|
+
// Replace the quotes which has total count is in odd number
|
|
9890
|
+
// Previous char is not backslash, open parenthesis and
|
|
9891
|
+
// Next is not close parenthesis
|
|
9892
|
+
for (let i = 0; i < input.length; i++) {
|
|
9893
|
+
const currentChar = input.charCodeAt(i);
|
|
9894
|
+
const previousChar = i > 0 ? input.charCodeAt(i - 1) : null;
|
|
9895
|
+
const nextChar = i < input.length - 1 ? input.charCodeAt(i + 1) : null;
|
|
9896
|
+
if (sanityChars.indexOf(currentChar) !== -1 && previousChar !== escape) {
|
|
9897
|
+
if (quoteCounts[currentChar + ''] % 2 === 1 && previousChar !== 40 && nextChar !== 41) {
|
|
9898
|
+
sanitizedValue += String.fromCharCode(escape);
|
|
9899
|
+
}
|
|
9900
|
+
sanitizedValue += input[i + ''];
|
|
9901
|
+
}
|
|
9902
|
+
else {
|
|
9903
|
+
sanitizedValue += input[i + ''];
|
|
9904
|
+
}
|
|
9905
|
+
}
|
|
9906
|
+
return sanitizedValue;
|
|
9907
|
+
}
|
|
9908
|
+
catch (error) {
|
|
9909
|
+
return input;
|
|
9910
|
+
}
|
|
9870
9911
|
}
|
|
9871
9912
|
static removeElement() {
|
|
9872
9913
|
// Removes an element's attibute to avoid html tag validation
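Review bot: sanitizeQuotes (new lines 9871–9910) prefixes a backslash to every backtick, `'` or `"` whose total count in the input is odd, without regard to where the character sits, so ordinary text such as `<p>It's fine</p>` reaches `innerHTML` as `<p>It\'s fine</p>` — a backslash is not an escape character in HTML, so this changes the rendered content rather than neutralising markup. If the intent is to break quote-delimited strings in attribute or script contexts, the check should be scoped to those contexts or the content transformation documented as deliberate; either way the method needs a JSDoc along the lines of `/** Prefixes odd-count `, ', " with a backslash unless already backslash-escaped or wrapped in ( ); returns input unchanged if processing throws. */`. The `catch (error) { return input; }` branch silently hands back the unmodified value, so a failure would never surface; the loop only uses charCodeAt, indexOf and string concatenation and is unlikely to throw, but the fallback deserves at least a comment stating why returning the raw value is acceptable here (the subsequent removeXssTags/removeJsEvents/removeXssAttrs passes still run on it). Minor: `input[i + '']` is an unusual spelling of `input[i]`, and `sanityChars.indexOf(currentChar) !== -1` reads better as `sanityChars.includes(currentChar)`. The method containing lines 9860–9870 starts before this hunk and the class continues past it.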
|