@syncfusion/ej2-base 23.1.36 → 23.1.40
- package/CHANGELOG.md +16 -0
- package/{README.md → ReadMe.md} +1 -1
- package/bin/syncfusion-license.js +1 -1
- package/dist/ej2-base.min.js +1 -10
- package/dist/ej2-base.umd.min.js +1 -10
- package/dist/ej2-base.umd.min.js.map +1 -1
- package/dist/es6/ej2-base.es2015.js +43 -2
- package/dist/es6/ej2-base.es2015.js.map +1 -1
- package/dist/es6/ej2-base.es5.js +43 -2
- package/dist/es6/ej2-base.es5.js.map +1 -1
- package/dist/global/ej2-base.min.js +1 -10
- package/dist/global/ej2-base.min.js.map +1 -1
- package/dist/global/index.d.ts +0 -9
- package/package.json +182 -224
- package/src/sanitize-helper.d.ts +1 -0
- package/src/sanitize-helper.js +43 -2
- package/styles/_material-dark-definition.scss +1 -1
- package/styles/material-dark.css +1 -1
- package/styles/offline-theme/material-dark.css +1 -1
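--- a/package/dist/es6/ej2-base.es5.js
+++ b/package/dist/es6/ej2-base.es5.js
@@ -9987,13 +9987,54 @@ var SanitizeHtmlHelper = /** @__PURE__ @class */ (function () {
 this.removeAttrs = item.selectors.attributes;
 this.removeTags = item.selectors.tags;
 this.wrapElement = document.createElement('div');
-this.wrapElement.innerHTML = value;
+this.wrapElement.innerHTML = this.sanitizeQuotes(value);
 this.removeXssTags();
 this.removeJsEvents();
 this.removeXssAttrs();
 var tempEleValue = this.wrapElement.innerHTML;
 this.removeElement();
-return tempEleValue.replace(
+return tempEleValue.replace(/&/g, '&');
+};
+SanitizeHtmlHelper.sanitizeQuotes = function (input) {
+var sanityChars = [96, 39, 34];
+var escape = 92;
+var sanitizedValue = '';
+var quoteCounts = {
+96: 0,
+39: 0,
+34: 0
+};
+var isPreviousCharBackslash = false;
+for (var i = 0; i < input.length; i++) {
+var currentChar = input.charCodeAt(i);
+if (sanityChars.indexOf(currentChar) !== -1 && !isPreviousCharBackslash) {
+quoteCounts[currentChar + '']++;
+}
+isPreviousCharBackslash = currentChar === escape;
+}
+try {
+// Replace the quotes which has total count is in odd number
+// Previous char is not backslash, open parenthesis and
+// Next is not close parenthesis
+for (var i = 0; i < input.length; i++) {
+var currentChar = input.charCodeAt(i);
+var previousChar = i > 0 ? input.charCodeAt(i - 1) : null;
+var nextChar = i < input.length - 1 ? input.charCodeAt(i + 1) : null;
+if (sanityChars.indexOf(currentChar) !== -1 && previousChar !== escape) {
+if (quoteCounts[currentChar + ''] % 2 === 1 && previousChar !== 40 && nextChar !== 41) {
+sanitizedValue += String.fromCharCode(escape);
+}
+sanitizedValue += input[i + ''];
+}
+else {
+sanitizedValue += input[i + ''];
+}
+}
+return sanitizedValue;
+}
+catch (error) {
+return input;
+}
 };
 SanitizeHtmlHelper.removeElement = function () {
 // Removes an element's attibute to avoid html tag validation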
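Review bot: `sanitizeQuotes` reads `input.length` in its first counting loop, which sits outside the `try`, so a `null` or `undefined` `value` now throws a TypeError where the old `innerHTML = value` assignment simply coerced it, and a non-string such as a number comes back as `''`. A guard at the top, `if (typeof input !== 'string') { return input; }`, would keep the earlier behaviour. The `catch (error) { return input; }` branch also fails open without any signal; if it stays, it deserves a comment stating that the result then depends entirely on the later `removeXssTags`/`removeJsEvents`/`removeXssAttrs` passes. Because the HTML parser behind `innerHTML` does not treat a backslash as an escape character, ordinary text with an odd number of apostrophes would presumably come back with literal backslashes inserted, which is worth pinning with a regression test. The enclosing sanitize function starts above the hunk.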