@whitesev/pops 2.0.0 → 2.0.2

package/dist/index.amd.js

@@ -313,27 +313,28 @@ define((function () { 'use strict';
     const popsUtils = new PopsUtils();
 
     const PopsSafeUtils = {
+        /**
+         * 获取安全的html
+         */
+        getSafeHTML(text) {
+            // @ts-ignore
+            if (globalThis.trustedTypes) {
+                // @ts-ignore
+                const policy = globalThis.trustedTypes.createPolicy("safe-innerHTML", {
+                    createHTML: (html) => html,
+                });
+                return policy.createHTML(text);
+            }
+            else {
+                return text;
+            }
+        },
         /**
          * 设置安全的html
          */
         setSafeHTML($el, text) {
             // 创建 TrustedHTML 策略（需 CSP 允许）
-            try {
-                $el.innerHTML = text;
-            }
-            catch (error) {
-                // @ts-ignore
-                if (globalThis.trustedTypes) {
-                    // @ts-ignore
-                    const policy = globalThis.trustedTypes.createPolicy("safe-innerHTML", {
-                        createHTML: (html) => html,
-                    });
-                    $el.innerHTML = policy.createHTML(text);
-                }
-                else {
-                    throw new Error("trustedTypes is not defined");
-                }
-            }
+            $el.innerHTML = this.getSafeHTML(text);
         },
     };
 
@@ -1525,7 +1526,7 @@ define((function () { 'use strict';
             }
             function elementAppendChild(ele, text) {
                 if (typeof content === "string") {
-                    ele.insertAdjacentHTML("beforeend", text);
+                    ele.insertAdjacentHTML("beforeend", PopsSafeUtils.getSafeHTML(text));
                 }
                 else {
                     ele.appendChild(text);
@@ -1660,7 +1661,7 @@ define((function () { 'use strict';
                 return;
             }
             if (typeof content === "string") {
-                element.insertAdjacentHTML("beforebegin", content);
+                element.insertAdjacentHTML("beforebegin", PopsSafeUtils.getSafeHTML(content));
             }
             else {
                 element.parentElement.insertBefore(content, element);
@@ -1683,7 +1684,7 @@ define((function () { 'use strict';
                 return;
             }
             if (typeof content === "string") {
-                element.insertAdjacentHTML("afterend", content);
+                element.insertAdjacentHTML("afterend", PopsSafeUtils.getSafeHTML(content));
             }
             else {
                 element.parentElement.insertBefore(content, element.nextSibling);
@@ -6054,7 +6055,12 @@ define((function () { 'use strict';
                     return;
                 }
                 Object.keys(props).forEach((propName) => {
-                    Reflect.set(element, propName, props[propName]);
+                    let value = props[propName];
+                    if (propName === "innerHTML") {
+                        PopsSafeUtils.setSafeHTML(element, value);
+                        return;
+                    }
+                    Reflect.set(element, propName, value);
                 });
             },
             /**
@@ -8986,7 +8992,7 @@ define((function () { 'use strict';
                             menuLiElement.appendChild(iconElement);
                         }
                         /* 插入文字 */
-                        menuLiElement.insertAdjacentHTML("beforeend", `<span>${item.text}</span>`);
+                        menuLiElement.insertAdjacentHTML("beforeend", PopsSafeUtils.getSafeHTML(`<span>${item.text}</span>`));
                         /* 如果存在子数据，显示 */
                         if (item.item && Array.isArray(item.item)) {
                             popsDOMUtils.addClassName(menuLiElement, `pops-${PopsType}-item`);