@whitesev/pops 2.0.0 → 2.0.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (17) hide show
  1. package/dist/index.amd.js +21 -20
  2. package/dist/index.amd.js.map +1 -1
  3. package/dist/index.cjs.js +21 -20
  4. package/dist/index.cjs.js.map +1 -1
  5. package/dist/index.esm.js +21 -20
  6. package/dist/index.esm.js.map +1 -1
  7. package/dist/index.iife.js +21 -20
  8. package/dist/index.iife.js.map +1 -1
  9. package/dist/index.system.js +21 -20
  10. package/dist/index.system.js.map +1 -1
  11. package/dist/index.umd.js +21 -20
  12. package/dist/index.umd.js.map +1 -1
  13. package/dist/types/src/utils/PopsSafeUtils.d.ts +4 -0
  14. package/package.json +1 -1
  15. package/src/components/rightClickMenu/index.ts +2 -1
  16. package/src/utils/PopsDOMUtils.ts +12 -3
  17. package/src/utils/PopsSafeUtils.ts +16 -14
package/dist/index.cjs.js CHANGED
@@ -313,27 +313,28 @@ class PopsUtils {
313
313
  const popsUtils = new PopsUtils();
314
314
 
315
315
  const PopsSafeUtils = {
316
+ /**
317
+ * 获取安全的html
318
+ */
319
+ getSafeHTML(text) {
320
+ // @ts-ignore
321
+ if (globalThis.trustedTypes) {
322
+ // @ts-ignore
323
+ const policy = globalThis.trustedTypes.createPolicy("safe-innerHTML", {
324
+ createHTML: (html) => html,
325
+ });
326
+ return policy.createHTML(text);
327
+ }
328
+ else {
329
+ return text;
330
+ }
331
+ },
316
332
  /**
317
333
  * 设置安全的html
318
334
  */
319
335
  setSafeHTML($el, text) {
320
336
  // 创建 TrustedHTML 策略(需 CSP 允许)
321
- try {
322
- $el.innerHTML = text;
323
- }
324
- catch (error) {
325
- // @ts-ignore
326
- if (globalThis.trustedTypes) {
327
- // @ts-ignore
328
- const policy = globalThis.trustedTypes.createPolicy("safe-innerHTML", {
329
- createHTML: (html) => html,
330
- });
331
- $el.innerHTML = policy.createHTML(text);
332
- }
333
- else {
334
- throw new Error("trustedTypes is not defined");
335
- }
336
- }
337
+ $el.innerHTML = this.getSafeHTML(text);
337
338
  },
338
339
  };
339
340
 
@@ -1525,7 +1526,7 @@ class PopsDOMUtils extends PopsDOMUtilsEvent {
1525
1526
  }
1526
1527
  function elementAppendChild(ele, text) {
1527
1528
  if (typeof content === "string") {
1528
- ele.insertAdjacentHTML("beforeend", text);
1529
+ ele.insertAdjacentHTML("beforeend", PopsSafeUtils.getSafeHTML(text));
1529
1530
  }
1530
1531
  else {
1531
1532
  ele.appendChild(text);
@@ -1660,7 +1661,7 @@ class PopsDOMUtils extends PopsDOMUtilsEvent {
1660
1661
  return;
1661
1662
  }
1662
1663
  if (typeof content === "string") {
1663
- element.insertAdjacentHTML("beforebegin", content);
1664
+ element.insertAdjacentHTML("beforebegin", PopsSafeUtils.getSafeHTML(content));
1664
1665
  }
1665
1666
  else {
1666
1667
  element.parentElement.insertBefore(content, element);
@@ -1683,7 +1684,7 @@ class PopsDOMUtils extends PopsDOMUtilsEvent {
1683
1684
  return;
1684
1685
  }
1685
1686
  if (typeof content === "string") {
1686
- element.insertAdjacentHTML("afterend", content);
1687
+ element.insertAdjacentHTML("afterend", PopsSafeUtils.getSafeHTML(content));
1687
1688
  }
1688
1689
  else {
1689
1690
  element.parentElement.insertBefore(content, element.nextSibling);
@@ -8986,7 +8987,7 @@ class PopsRightClickMenu {
8986
8987
  menuLiElement.appendChild(iconElement);
8987
8988
  }
8988
8989
  /* 插入文字 */
8989
- menuLiElement.insertAdjacentHTML("beforeend", `<span>${item.text}</span>`);
8990
+ menuLiElement.insertAdjacentHTML("beforeend", PopsSafeUtils.getSafeHTML(`<span>${item.text}</span>`));
8990
8991
  /* 如果存在子数据,显示 */
8991
8992
  if (item.item && Array.isArray(item.item)) {
8992
8993
  popsDOMUtils.addClassName(menuLiElement, `pops-${PopsType}-item`);