@whitesev/pops 1.9.7 → 2.0.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/index.amd.js +225 -173
- package/dist/index.amd.js.map +1 -1
- package/dist/index.cjs.js +225 -173
- package/dist/index.cjs.js.map +1 -1
- package/dist/index.esm.js +225 -173
- package/dist/index.esm.js.map +1 -1
- package/dist/index.iife.js +225 -173
- package/dist/index.iife.js.map +1 -1
- package/dist/index.system.js +225 -173
- package/dist/index.system.js.map +1 -1
- package/dist/index.umd.js +225 -173
- package/dist/index.umd.js.map +1 -1
- package/dist/types/src/utils/PopsSafeUtils.d.ts +6 -0
- package/package.json +1 -1
- package/src/Pops.ts +4 -3
- package/src/components/folder/index.ts +45 -32
- package/src/components/panel/PanelHandleContentDetails.ts +176 -132
- package/src/components/rightClickMenu/index.ts +9 -3
- package/src/components/searchSuggestion/index.ts +13 -4
- package/src/components/tooltip/index.ts +2 -1
- package/src/utils/PopsDOMUtils.ts +9 -3
- package/src/utils/PopsSafeUtils.ts +22 -0
|
@@ -5,6 +5,7 @@ import { popsUtils } from "../../utils/PopsUtils";
|
|
|
5
5
|
import type { PopsSearchSuggestionDetails } from "./indexType";
|
|
6
6
|
import { searchSuggestionConfig as PopsSearchSuggestionConfig } from "./config";
|
|
7
7
|
import { GlobalConfig } from "../../GlobalConfig";
|
|
8
|
+
import { PopsSafeUtils } from "../../utils/PopsSafeUtils";
|
|
8
9
|
|
|
9
10
|
export class PopsSearchSuggestion {
|
|
10
11
|
constructor(details: PopsSearchSuggestionDetails) {
|
|
@@ -35,8 +36,15 @@ export class PopsSearchSuggestion {
|
|
|
35
36
|
|
|
36
37
|
if (config.style != null) {
|
|
37
38
|
let cssNode = document.createElement("style");
|
|
38
|
-
|
|
39
|
-
|
|
39
|
+
popsDOMUtils.createElement(
|
|
40
|
+
"style",
|
|
41
|
+
{
|
|
42
|
+
innerHTML: config.style,
|
|
43
|
+
},
|
|
44
|
+
{
|
|
45
|
+
type: "text/css",
|
|
46
|
+
}
|
|
47
|
+
);
|
|
40
48
|
$shadowRoot.appendChild(cssNode);
|
|
41
49
|
}
|
|
42
50
|
|
|
@@ -515,7 +523,7 @@ export class PopsSearchSuggestion {
|
|
|
515
523
|
* 清空所有的搜索结果
|
|
516
524
|
*/
|
|
517
525
|
clearAllSearchItemLi() {
|
|
518
|
-
SearchSuggestion.$el.$hintULContainer
|
|
526
|
+
PopsSafeUtils.setSafeHTML(SearchSuggestion.$el.$hintULContainer, "");
|
|
519
527
|
},
|
|
520
528
|
/**
|
|
521
529
|
* 更新搜索建议框的位置(top、left)
|
|
@@ -610,7 +618,8 @@ export class PopsSearchSuggestion {
|
|
|
610
618
|
* 动态更新CSS
|
|
611
619
|
*/
|
|
612
620
|
updateDynamicCSS() {
|
|
613
|
-
|
|
621
|
+
let cssText = this.getDynamicCSS();
|
|
622
|
+
PopsSafeUtils.setSafeHTML(this.$el.$dynamicCSS, cssText);
|
|
614
623
|
},
|
|
615
624
|
/**
|
|
616
625
|
* 更新页面显示的搜索结果
|
|
@@ -2,6 +2,7 @@ import { GlobalConfig } from "../../GlobalConfig";
|
|
|
2
2
|
import { PopsHandler } from "../../handler/PopsHandler";
|
|
3
3
|
import { pops } from "../../Pops";
|
|
4
4
|
import { popsDOMUtils } from "../../utils/PopsDOMUtils";
|
|
5
|
+
import { PopsSafeUtils } from "../../utils/PopsSafeUtils";
|
|
5
6
|
import { popsUtils } from "../../utils/PopsUtils";
|
|
6
7
|
import { PopsTooltipConfig } from "./config";
|
|
7
8
|
import type { PopsToolTipDetails } from "./indexType";
|
|
@@ -127,7 +128,7 @@ export class ToolTip {
|
|
|
127
128
|
if (text == null) {
|
|
128
129
|
text = this.getContent();
|
|
129
130
|
}
|
|
130
|
-
this.$el.$content
|
|
131
|
+
PopsSafeUtils.setSafeHTML(this.$el.$content, text);
|
|
131
132
|
}
|
|
132
133
|
/**
|
|
133
134
|
* 获取z-index
|
|
@@ -11,6 +11,7 @@ import type {
|
|
|
11
11
|
PopsDOMUtilsEventListenerOptionsAttribute,
|
|
12
12
|
} from "../types/PopsDOMUtilsEventType";
|
|
13
13
|
import { popsUtils } from "./PopsUtils";
|
|
14
|
+
import { PopsSafeUtils } from "./PopsSafeUtils";
|
|
14
15
|
|
|
15
16
|
class PopsDOMUtilsEvent {
|
|
16
17
|
/**
|
|
@@ -1636,7 +1637,7 @@ class PopsDOMUtils extends PopsDOMUtilsEvent {
|
|
|
1636
1637
|
): HTMLElementTagNameMap[K] {
|
|
1637
1638
|
let tempElement = PopsCore.document.createElement(tagName);
|
|
1638
1639
|
if (typeof property === "string") {
|
|
1639
|
-
tempElement
|
|
1640
|
+
PopsSafeUtils.setSafeHTML(tempElement, property);
|
|
1640
1641
|
return tempElement;
|
|
1641
1642
|
}
|
|
1642
1643
|
if (property == null) {
|
|
@@ -1647,7 +1648,12 @@ class PopsDOMUtils extends PopsDOMUtilsEvent {
|
|
|
1647
1648
|
}
|
|
1648
1649
|
Object.keys(property).forEach((key) => {
|
|
1649
1650
|
let value = property[key];
|
|
1650
|
-
(
|
|
1651
|
+
if (key === "innerHTML") {
|
|
1652
|
+
PopsSafeUtils.setSafeHTML(tempElement, value);
|
|
1653
|
+
return;
|
|
1654
|
+
}
|
|
1655
|
+
// @ts-ignore
|
|
1656
|
+
tempElement[key] = value;
|
|
1651
1657
|
});
|
|
1652
1658
|
Object.keys(attributes).forEach((key) => {
|
|
1653
1659
|
let value = attributes[key];
|
|
@@ -1899,7 +1905,7 @@ class PopsDOMUtils extends PopsDOMUtilsEvent {
|
|
|
1899
1905
|
}
|
|
1900
1906
|
function parseHTMLByCreateDom() {
|
|
1901
1907
|
let tempDIV = PopsCore.document.createElement("div");
|
|
1902
|
-
tempDIV
|
|
1908
|
+
PopsSafeUtils.setSafeHTML(tempDIV, html);
|
|
1903
1909
|
if (isComplete) {
|
|
1904
1910
|
return tempDIV;
|
|
1905
1911
|
} else {
|
|
@@ -0,0 +1,22 @@
|
|
|
1
|
+
export const PopsSafeUtils = {
|
|
2
|
+
/**
|
|
3
|
+
* 设置安全的html
|
|
4
|
+
*/
|
|
5
|
+
setSafeHTML($el: Element, text: string) {
|
|
6
|
+
// 创建 TrustedHTML 策略(需 CSP 允许)
|
|
7
|
+
try {
|
|
8
|
+
$el.innerHTML = text;
|
|
9
|
+
} catch (error) {
|
|
10
|
+
// @ts-ignore
|
|
11
|
+
if (globalThis.trustedTypes) {
|
|
12
|
+
// @ts-ignore
|
|
13
|
+
const policy = globalThis.trustedTypes.createPolicy("safe-innerHTML", {
|
|
14
|
+
createHTML: (html: string) => html,
|
|
15
|
+
});
|
|
16
|
+
$el.innerHTML = policy.createHTML(text);
|
|
17
|
+
} else {
|
|
18
|
+
throw new Error("trustedTypes is not defined");
|
|
19
|
+
}
|
|
20
|
+
}
|
|
21
|
+
},
|
|
22
|
+
};
|