@unhead/shared 1.5.2 → 1.5.3
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/index.cjs +16 -12
- package/dist/index.mjs +16 -12
- package/package.json +2 -2
package/dist/index.cjs
CHANGED
|
@@ -360,6 +360,13 @@ const WhitelistAttributes = {
|
|
|
360
360
|
script: ["id", "type", "textContent"],
|
|
361
361
|
link: ["id", "color", "crossorigin", "fetchpriority", "href", "hreflang", "imagesrcset", "imagesizes", "integrity", "media", "referrerpolicy", "rel", "sizes", "type"]
|
|
362
362
|
};
|
|
363
|
+
function acceptDataAttrs(value) {
|
|
364
|
+
const filtered = {};
|
|
365
|
+
Object.keys(value || {}).filter((a) => a.startsWith("data-")).forEach((a) => {
|
|
366
|
+
filtered[a] = value[a];
|
|
367
|
+
});
|
|
368
|
+
return filtered;
|
|
369
|
+
}
|
|
363
370
|
function whitelistSafeInput(input) {
|
|
364
371
|
const filtered = {};
|
|
365
372
|
Object.keys(input).forEach((key) => {
|
|
@@ -374,21 +381,18 @@ function whitelistSafeInput(input) {
|
|
|
374
381
|
break;
|
|
375
382
|
case "htmlAttrs":
|
|
376
383
|
case "bodyAttrs":
|
|
377
|
-
filtered[key] =
|
|
384
|
+
filtered[key] = acceptDataAttrs(tagValue);
|
|
378
385
|
WhitelistAttributes[key].forEach((a) => {
|
|
379
386
|
if (tagValue[a])
|
|
380
387
|
filtered[key][a] = tagValue[a];
|
|
381
388
|
});
|
|
382
|
-
Object.keys(tagValue || {}).filter((a) => a.startsWith("data-")).forEach((a) => {
|
|
383
|
-
filtered[key][a] = tagValue[a];
|
|
384
|
-
});
|
|
385
389
|
break;
|
|
386
390
|
case "meta":
|
|
387
391
|
if (Array.isArray(tagValue)) {
|
|
388
392
|
filtered[key] = tagValue.map((meta) => {
|
|
389
|
-
const safeMeta =
|
|
393
|
+
const safeMeta = acceptDataAttrs(meta);
|
|
390
394
|
WhitelistAttributes.meta.forEach((key2) => {
|
|
391
|
-
if (meta[key2]
|
|
395
|
+
if (meta[key2])
|
|
392
396
|
safeMeta[key2] = meta[key2];
|
|
393
397
|
});
|
|
394
398
|
return safeMeta;
|
|
@@ -398,7 +402,7 @@ function whitelistSafeInput(input) {
|
|
|
398
402
|
case "link":
|
|
399
403
|
if (Array.isArray(tagValue)) {
|
|
400
404
|
filtered[key] = tagValue.map((meta) => {
|
|
401
|
-
const link =
|
|
405
|
+
const link = acceptDataAttrs(meta);
|
|
402
406
|
WhitelistAttributes.link.forEach((key2) => {
|
|
403
407
|
const val = meta[key2];
|
|
404
408
|
if (key2 === "rel" && ["stylesheet", "canonical", "modulepreload", "prerender", "preload", "prefetch"].includes(val))
|
|
@@ -407,7 +411,7 @@ function whitelistSafeInput(input) {
|
|
|
407
411
|
if (val.includes("javascript:") || val.includes("data:"))
|
|
408
412
|
return;
|
|
409
413
|
link[key2] = val;
|
|
410
|
-
} else if (val
|
|
414
|
+
} else if (val) {
|
|
411
415
|
link[key2] = val;
|
|
412
416
|
}
|
|
413
417
|
});
|
|
@@ -418,9 +422,9 @@ function whitelistSafeInput(input) {
|
|
|
418
422
|
case "noscript":
|
|
419
423
|
if (Array.isArray(tagValue)) {
|
|
420
424
|
filtered[key] = tagValue.map((meta) => {
|
|
421
|
-
const noscript =
|
|
425
|
+
const noscript = acceptDataAttrs(meta);
|
|
422
426
|
WhitelistAttributes.noscript.forEach((key2) => {
|
|
423
|
-
if (meta[key2]
|
|
427
|
+
if (meta[key2])
|
|
424
428
|
noscript[key2] = meta[key2];
|
|
425
429
|
});
|
|
426
430
|
return noscript;
|
|
@@ -430,9 +434,9 @@ function whitelistSafeInput(input) {
|
|
|
430
434
|
case "script":
|
|
431
435
|
if (Array.isArray(tagValue)) {
|
|
432
436
|
filtered[key] = tagValue.map((script) => {
|
|
433
|
-
const safeScript =
|
|
437
|
+
const safeScript = acceptDataAttrs(script);
|
|
434
438
|
WhitelistAttributes.script.forEach((s) => {
|
|
435
|
-
if (script[s]
|
|
439
|
+
if (script[s]) {
|
|
436
440
|
if (s === "textContent") {
|
|
437
441
|
try {
|
|
438
442
|
const jsonVal = typeof script[s] === "string" ? JSON.parse(script[s]) : script[s];
|
package/dist/index.mjs
CHANGED
|
@@ -358,6 +358,13 @@ const WhitelistAttributes = {
|
|
|
358
358
|
script: ["id", "type", "textContent"],
|
|
359
359
|
link: ["id", "color", "crossorigin", "fetchpriority", "href", "hreflang", "imagesrcset", "imagesizes", "integrity", "media", "referrerpolicy", "rel", "sizes", "type"]
|
|
360
360
|
};
|
|
361
|
+
function acceptDataAttrs(value) {
|
|
362
|
+
const filtered = {};
|
|
363
|
+
Object.keys(value || {}).filter((a) => a.startsWith("data-")).forEach((a) => {
|
|
364
|
+
filtered[a] = value[a];
|
|
365
|
+
});
|
|
366
|
+
return filtered;
|
|
367
|
+
}
|
|
361
368
|
function whitelistSafeInput(input) {
|
|
362
369
|
const filtered = {};
|
|
363
370
|
Object.keys(input).forEach((key) => {
|
|
@@ -372,21 +379,18 @@ function whitelistSafeInput(input) {
|
|
|
372
379
|
break;
|
|
373
380
|
case "htmlAttrs":
|
|
374
381
|
case "bodyAttrs":
|
|
375
|
-
filtered[key] =
|
|
382
|
+
filtered[key] = acceptDataAttrs(tagValue);
|
|
376
383
|
WhitelistAttributes[key].forEach((a) => {
|
|
377
384
|
if (tagValue[a])
|
|
378
385
|
filtered[key][a] = tagValue[a];
|
|
379
386
|
});
|
|
380
|
-
Object.keys(tagValue || {}).filter((a) => a.startsWith("data-")).forEach((a) => {
|
|
381
|
-
filtered[key][a] = tagValue[a];
|
|
382
|
-
});
|
|
383
387
|
break;
|
|
384
388
|
case "meta":
|
|
385
389
|
if (Array.isArray(tagValue)) {
|
|
386
390
|
filtered[key] = tagValue.map((meta) => {
|
|
387
|
-
const safeMeta =
|
|
391
|
+
const safeMeta = acceptDataAttrs(meta);
|
|
388
392
|
WhitelistAttributes.meta.forEach((key2) => {
|
|
389
|
-
if (meta[key2]
|
|
393
|
+
if (meta[key2])
|
|
390
394
|
safeMeta[key2] = meta[key2];
|
|
391
395
|
});
|
|
392
396
|
return safeMeta;
|
|
@@ -396,7 +400,7 @@ function whitelistSafeInput(input) {
|
|
|
396
400
|
case "link":
|
|
397
401
|
if (Array.isArray(tagValue)) {
|
|
398
402
|
filtered[key] = tagValue.map((meta) => {
|
|
399
|
-
const link =
|
|
403
|
+
const link = acceptDataAttrs(meta);
|
|
400
404
|
WhitelistAttributes.link.forEach((key2) => {
|
|
401
405
|
const val = meta[key2];
|
|
402
406
|
if (key2 === "rel" && ["stylesheet", "canonical", "modulepreload", "prerender", "preload", "prefetch"].includes(val))
|
|
@@ -405,7 +409,7 @@ function whitelistSafeInput(input) {
|
|
|
405
409
|
if (val.includes("javascript:") || val.includes("data:"))
|
|
406
410
|
return;
|
|
407
411
|
link[key2] = val;
|
|
408
|
-
} else if (val
|
|
412
|
+
} else if (val) {
|
|
409
413
|
link[key2] = val;
|
|
410
414
|
}
|
|
411
415
|
});
|
|
@@ -416,9 +420,9 @@ function whitelistSafeInput(input) {
|
|
|
416
420
|
case "noscript":
|
|
417
421
|
if (Array.isArray(tagValue)) {
|
|
418
422
|
filtered[key] = tagValue.map((meta) => {
|
|
419
|
-
const noscript =
|
|
423
|
+
const noscript = acceptDataAttrs(meta);
|
|
420
424
|
WhitelistAttributes.noscript.forEach((key2) => {
|
|
421
|
-
if (meta[key2]
|
|
425
|
+
if (meta[key2])
|
|
422
426
|
noscript[key2] = meta[key2];
|
|
423
427
|
});
|
|
424
428
|
return noscript;
|
|
@@ -428,9 +432,9 @@ function whitelistSafeInput(input) {
|
|
|
428
432
|
case "script":
|
|
429
433
|
if (Array.isArray(tagValue)) {
|
|
430
434
|
filtered[key] = tagValue.map((script) => {
|
|
431
|
-
const safeScript =
|
|
435
|
+
const safeScript = acceptDataAttrs(script);
|
|
432
436
|
WhitelistAttributes.script.forEach((s) => {
|
|
433
|
-
if (script[s]
|
|
437
|
+
if (script[s]) {
|
|
434
438
|
if (s === "textContent") {
|
|
435
439
|
try {
|
|
436
440
|
const jsonVal = typeof script[s] === "string" ? JSON.parse(script[s]) : script[s];
|
package/package.json
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@unhead/shared",
|
|
3
3
|
"type": "module",
|
|
4
|
-
"version": "1.5.
|
|
4
|
+
"version": "1.5.3",
|
|
5
5
|
"author": "Harlan Wilton <harlan@harlanzw.com>",
|
|
6
6
|
"license": "MIT",
|
|
7
7
|
"funding": "https://github.com/sponsors/harlan-zw",
|
|
@@ -34,7 +34,7 @@
|
|
|
34
34
|
"dist"
|
|
35
35
|
],
|
|
36
36
|
"dependencies": {
|
|
37
|
-
"@unhead/schema": "1.5.
|
|
37
|
+
"@unhead/schema": "1.5.3"
|
|
38
38
|
},
|
|
39
39
|
"devDependencies": {
|
|
40
40
|
"packrup": "^0.1.0"
|