@vertigis/react-ui 16.6.2 → 16.7.0
- package/package.json +3 -3
- package/utils/html.js +6 -30
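--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
 {
 "name": "@vertigis/react-ui",
-"version": "16.
+"version": "16.7.0",
 "description": "Utilities and React components used in VertiGIS applications.",
 "keywords": [
 "vertigis",
@@ -30,7 +30,7 @@
 "xss": "^1.0.15"
 },
 "devDependencies": {
-"@esri/arcgis-html-sanitizer": "^
+"@esri/arcgis-html-sanitizer": "^4.0.3",
 "@types/autosuggest-highlight": "^3.2.3",
 "@types/color": "^3.0.6",
 "@types/lodash.escape": "^4.0.9",
@@ -40,7 +40,7 @@
 "peerDependencies": {
 "@emotion/react": "*",
 "@emotion/styled": "*",
-"@esri/arcgis-html-sanitizer": "^
+"@esri/arcgis-html-sanitizer": "^4.0.3",
 "react": ">= 17 < 19",
 "react-dom": ">= 17 < 19"
 },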
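--- a/package/utils/html.js
+++ b/package/utils/html.js
@@ -42,45 +42,21 @@ export function sanitizeHtml(unsafeHtml) {
 };
 const options = {
 safeAttrValue: checkUris,
-//
-// library (
-//
-// https://github.com/Esri/arcgis-html-sanitizer/blob/master/src/index.ts
-// In addition to what they support, we also need to support benign
-// tags generated by the markdown library.
+// We are mainly relying on the default HTML & CSS whitelists provided by Esri's
+// sanitization library (some element/attributes are maintained for backwards compatibility)
+// and only overriding some options (since we are passing `true` as the second parameter).
 whiteList: {
-a: ["
-
-blockquote: [],
-del: [],
-h1: [],
-h2: [],
-h3: [],
-h4: [],
-h5: [],
-h6: [],
-img: ["alt", "border", "height", "src", "style", "title", "width"],
+a: ["title"],
+img: ["title"],
 ol: ["start"],
-p: ["style"],
-pre: [],
-span: ["style"],
 thead: [],
 },
 stripIgnoreTag: true,
 stripIgnoreTagBody: true,
 allowCommentTag: false,
 css: {
-// Allow properties that are configurable on PopupTemplate
-// content, via AGOL Map Viewer's rich text editor; they are
-// injected as span elements with style attributes.
 whiteList: {
-"background-
-color: true,
-"font-size": true,
-"font-family": true,
-"font-weight": true,
-"text-align": true,
-"text-decoration": true,
+"background-image": false,
 },
 },
 };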
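Review bot: After this change the allow-list that `sanitizeHtml` enforces can no longer be read from `options`: it is the Esri library defaults plus the four `whiteList` entries, and that only holds if `true` really is passed as the second argument, which happens outside this hunk (the function starts before and continues after it). It is also not visible here whether `css: { whiteList: { "background-image": false } }` is merged into the library's default CSS allow-list or replaces it, so the new comment's claim about relying on the default CSS whitelist should be confirmed against the sanitizer version in use. Because package.json accepts `^4.0.3`, a sanitizer upgrade can change what passes through without any edit in this file; a unit test that pins the sanitized output for a few representative inputs (a `style` attribute using `background-image`, an `img` carrying `style` and `src`, an `a` with `href` and `title`) would make such drift visible. I would extend the comment with `// Tags/attributes/CSS properties not listed here come from the library defaults; re-check them when bumping @esri/arcgis-html-sanitizer.`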