@whitesev/pops 2.0.0 → 2.0.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/index.amd.js +27 -21
- package/dist/index.amd.js.map +1 -1
- package/dist/index.cjs.js +27 -21
- package/dist/index.cjs.js.map +1 -1
- package/dist/index.esm.js +27 -21
- package/dist/index.esm.js.map +1 -1
- package/dist/index.iife.js +27 -21
- package/dist/index.iife.js.map +1 -1
- package/dist/index.system.js +27 -21
- package/dist/index.system.js.map +1 -1
- package/dist/index.umd.js +27 -21
- package/dist/index.umd.js.map +1 -1
- package/dist/types/src/utils/PopsSafeUtils.d.ts +4 -0
- package/package.json +1 -1
- package/src/components/panel/PanelHandleContentDetails.ts +6 -1
- package/src/components/rightClickMenu/index.ts +2 -1
- package/src/utils/PopsDOMUtils.ts +12 -3
- package/src/utils/PopsSafeUtils.ts +16 -14
package/dist/index.umd.js
CHANGED
|
@@ -317,27 +317,28 @@
|
|
|
317
317
|
const popsUtils = new PopsUtils();
|
|
318
318
|
|
|
319
319
|
const PopsSafeUtils = {
|
|
320
|
+
/**
|
|
321
|
+
* 获取安全的html
|
|
322
|
+
*/
|
|
323
|
+
getSafeHTML(text) {
|
|
324
|
+
// @ts-ignore
|
|
325
|
+
if (globalThis.trustedTypes) {
|
|
326
|
+
// @ts-ignore
|
|
327
|
+
const policy = globalThis.trustedTypes.createPolicy("safe-innerHTML", {
|
|
328
|
+
createHTML: (html) => html,
|
|
329
|
+
});
|
|
330
|
+
return policy.createHTML(text);
|
|
331
|
+
}
|
|
332
|
+
else {
|
|
333
|
+
return text;
|
|
334
|
+
}
|
|
335
|
+
},
|
|
320
336
|
/**
|
|
321
337
|
* 设置安全的html
|
|
322
338
|
*/
|
|
323
339
|
setSafeHTML($el, text) {
|
|
324
340
|
// 创建 TrustedHTML 策略(需 CSP 允许)
|
|
325
|
-
|
|
326
|
-
$el.innerHTML = text;
|
|
327
|
-
}
|
|
328
|
-
catch (error) {
|
|
329
|
-
// @ts-ignore
|
|
330
|
-
if (globalThis.trustedTypes) {
|
|
331
|
-
// @ts-ignore
|
|
332
|
-
const policy = globalThis.trustedTypes.createPolicy("safe-innerHTML", {
|
|
333
|
-
createHTML: (html) => html,
|
|
334
|
-
});
|
|
335
|
-
$el.innerHTML = policy.createHTML(text);
|
|
336
|
-
}
|
|
337
|
-
else {
|
|
338
|
-
throw new Error("trustedTypes is not defined");
|
|
339
|
-
}
|
|
340
|
-
}
|
|
341
|
+
$el.innerHTML = this.getSafeHTML(text);
|
|
341
342
|
},
|
|
342
343
|
};
|
|
343
344
|
|
|
@@ -1529,7 +1530,7 @@
|
|
|
1529
1530
|
}
|
|
1530
1531
|
function elementAppendChild(ele, text) {
|
|
1531
1532
|
if (typeof content === "string") {
|
|
1532
|
-
ele.insertAdjacentHTML("beforeend", text);
|
|
1533
|
+
ele.insertAdjacentHTML("beforeend", PopsSafeUtils.getSafeHTML(text));
|
|
1533
1534
|
}
|
|
1534
1535
|
else {
|
|
1535
1536
|
ele.appendChild(text);
|
|
@@ -1664,7 +1665,7 @@
|
|
|
1664
1665
|
return;
|
|
1665
1666
|
}
|
|
1666
1667
|
if (typeof content === "string") {
|
|
1667
|
-
element.insertAdjacentHTML("beforebegin", content);
|
|
1668
|
+
element.insertAdjacentHTML("beforebegin", PopsSafeUtils.getSafeHTML(content));
|
|
1668
1669
|
}
|
|
1669
1670
|
else {
|
|
1670
1671
|
element.parentElement.insertBefore(content, element);
|
|
@@ -1687,7 +1688,7 @@
|
|
|
1687
1688
|
return;
|
|
1688
1689
|
}
|
|
1689
1690
|
if (typeof content === "string") {
|
|
1690
|
-
element.insertAdjacentHTML("afterend", content);
|
|
1691
|
+
element.insertAdjacentHTML("afterend", PopsSafeUtils.getSafeHTML(content));
|
|
1691
1692
|
}
|
|
1692
1693
|
else {
|
|
1693
1694
|
element.parentElement.insertBefore(content, element.nextSibling);
|
|
@@ -6058,7 +6059,12 @@
|
|
|
6058
6059
|
return;
|
|
6059
6060
|
}
|
|
6060
6061
|
Object.keys(props).forEach((propName) => {
|
|
6061
|
-
|
|
6062
|
+
let value = props[propName];
|
|
6063
|
+
if (propName === "innerHTML") {
|
|
6064
|
+
PopsSafeUtils.setSafeHTML(element, value);
|
|
6065
|
+
return;
|
|
6066
|
+
}
|
|
6067
|
+
Reflect.set(element, propName, value);
|
|
6062
6068
|
});
|
|
6063
6069
|
},
|
|
6064
6070
|
/**
|
|
@@ -8990,7 +8996,7 @@
|
|
|
8990
8996
|
menuLiElement.appendChild(iconElement);
|
|
8991
8997
|
}
|
|
8992
8998
|
/* 插入文字 */
|
|
8993
|
-
menuLiElement.insertAdjacentHTML("beforeend", `<span>${item.text}</span>`);
|
|
8999
|
+
menuLiElement.insertAdjacentHTML("beforeend", PopsSafeUtils.getSafeHTML(`<span>${item.text}</span>`));
|
|
8994
9000
|
/* 如果存在子数据,显示 */
|
|
8995
9001
|
if (item.item && Array.isArray(item.item)) {
|
|
8996
9002
|
popsDOMUtils.addClassName(menuLiElement, `pops-${PopsType}-item`);
|