npm - @unsetsoft/ryunixjs - Versions diffs - 1.2.4-canary.1 → 1.2.4-canary.2 - Mend

@unsetsoft/ryunixjs 1.2.4-canary.1 → 1.2.4-canary.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (7) hide show

package/dist/Ryunix.esm.js +1 -125
package/dist/Ryunix.esm.js.map +1 -1
package/dist/Ryunix.umd.js +1 -125
package/dist/Ryunix.umd.js.map +1 -1
package/dist/Ryunix.umd.min.js +1 -1
package/dist/Ryunix.umd.min.js.map +1 -1
package/package.json +1 -1

package/dist/Ryunix.esm.js CHANGED Viewed

@@ -56,17 +56,6 @@ const EFFECT_TAGS = Object.freeze({
   NO_EFFECT: Symbol.for('ryunix.reconciler.status.no_effect'),
 });
-const DANGEROUSLY_SET_INNER_HTML = 'dangerousInjection';
-const DANGEROUS_PROPERTIES = Object.freeze([
-  'innerHTML',
-  'outerHTML',
-  'insertAdjacentHTML',
-  'insertAdjacentText',
-  'insertAdjacentElement',
-  'setHTML',
-]);
 /**
  * Type checking utilities
  */
@@ -280,71 +269,6 @@ const runEffects = (fiber) => {
   }
 };
-/**
- * Checks if a property is dangerous and should be blocked
- * @param {string} propName - Property name
- * @returns {boolean} True if the property is dangerous
- */
-const isDangerousProperty = (propName) => {
-  return DANGEROUS_PROPERTIES.includes(propName)
-};
-/**
- * Validates and applies DANGEROUSLY_SET_INNER_HTML safely
- * @param {HTMLElement} dom - DOM element
- * @param {Object} DANGEROUSLY_SET_INNER_HTML - Object with __html property
- */
-const applyDangerouslySetInnerHTML = (dom, dangerousInjection) => {
-  if (!is.object(dangerousInjection)) {
-    if (process.env.NODE_ENV !== 'production') {
-      console.warn(
-        `${DANGEROUSLY_SET_INNER_HTML} must be an object with the __html property`,
-      );
-    }
-    return
-  }
-  if (!('__html' in dangerousInjection)) {
-    if (process.env.NODE_ENV !== 'production') {
-      console.warn(
-        `${DANGEROUSLY_SET_INNER_HTML} must have the __html property`,
-      );
-    }
-    return
-  }
-  const html = dangerousInjection.__html;
-  if (html == null) {
-    dom.innerHTML = '';
-    return
-  }
-  if (typeof html !== 'string') {
-    if (process.env.NODE_ENV !== 'production') {
-      console.warn(`${DANGEROUSLY_SET_INNER_HTML}.__html must be a string`);
-    }
-    return
-  }
-  // Warning in development
-  if (process.env.NODE_ENV !== 'production') {
-    console.warn(
-      `⚠️ WARNING: You are using ${DANGEROUSLY_SET_INNER_HTML}. ` +
-        'This can expose your application to XSS attacks if the content is not sanitized. ' +
-        'Make sure you trust the source of the HTML before using it.',
-    );
-  }
-  try {
-    dom.innerHTML = html;
-  } catch (error) {
-    if (process.env.NODE_ENV !== 'production') {
-      console.error('Error setting innerHTML:', error);
-    }
-  }
-};
 /**
  * Convert camelCase to kebab-case for CSS properties
  * @param {string} camelCase - CamelCase string
@@ -459,40 +383,6 @@ const createDom = (fiber) => {
  * @param {Object} nextProps - Next props
  */
 const updateDom = (dom, prevProps = {}, nextProps = {}) => {
-  // Block dangerous properties
-  const dangerousProps = Object.keys(nextProps).filter(isDangerousProperty);
-  if (dangerousProps.length > 0) {
-    if (process.env.NODE_ENV !== 'production') {
-      console.error(
-        `⚠️ SECURITY ERROR: Attempted to use ${DANGEROUS_PROPERTIES.join(', ')}: ${dangerousProps.join(', ')}. ` +
-          `These properties are blocked to prevent XSS injections. ` +
-          `If you need to insert HTML, use ${DANGEROUSLY_SET_INNER_HTML} with the structure: ` +
-          `{ ${DANGEROUSLY_SET_INNER_HTML}: { __html: 'your html here' } }`,
-      );
-    }
-    // Remove dangerous properties from nextProps to prevent their use
-    dangerousProps.forEach((prop) => {
-      delete nextProps[prop];
-    });
-  }
-  // Handle dangerouslySetInnerHTML
-  if (DANGEROUSLY_SET_INNER_HTML in nextProps) {
-    // If there are children along with dangerouslySetInnerHTML, warn
-    if (nextProps.children && nextProps.children.length > 0) {
-      if (process.env.NODE_ENV !== 'production') {
-        console.warn(
-          `⚠️ WARNING: You cannot use children together with ${DANGEROUSLY_SET_INNER_HTML}. ` +
-            'Children will be ignored.',
-        );
-      }
-    }
-    applyDangerouslySetInnerHTML(dom, nextProps[DANGEROUSLY_SET_INNER_HTML]);
-  } else if (DANGEROUSLY_SET_INNER_HTML in prevProps) {
-    // If dangerouslySetInnerHTML was removed, clear innerHTML
-    dom.innerHTML = '';
-  }
   // Remove old event listeners
   Object.keys(prevProps)
     .filter(isEvent)
@@ -520,20 +410,11 @@ const updateDom = (dom, prevProps = {}, nextProps = {}) => {
           OLD_STRINGS.STYLE,
           STRINGS.CLASS_NAME,
           OLD_STRINGS.CLASS_NAME,
-          DANGEROUSLY_SET_INNER_HTML,
         ].includes(name)
       ) {
         return
       }
-      // Don't try to clean dangerous properties
-      if (isDangerousProperty(name)) {
-        return
-      }
-      try {
-        dom[name] = '';
-      } catch (error) {
-        // Ignore errors when cleaning read-only properties
-      }
+      dom[name] = '';
     });
   // Set new properties
@@ -542,11 +423,6 @@ const updateDom = (dom, prevProps = {}, nextProps = {}) => {
     .filter(isNew(prevProps, nextProps))
     .forEach((name) => {
       try {
-        // Skip dangerouslySetInnerHTML (already handled above)
-        if (name === DANGEROUSLY_SET_INNER_HTML) {
-          return
-        }
         // Handle style properties
         if (name === STRINGS.STYLE || name === OLD_STRINGS.STYLE) {
           const styleValue = nextProps[name];