@whitesev/pops 2.0.0 → 2.0.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/index.amd.js +27 -21
- package/dist/index.amd.js.map +1 -1
- package/dist/index.cjs.js +27 -21
- package/dist/index.cjs.js.map +1 -1
- package/dist/index.esm.js +27 -21
- package/dist/index.esm.js.map +1 -1
- package/dist/index.iife.js +27 -21
- package/dist/index.iife.js.map +1 -1
- package/dist/index.system.js +27 -21
- package/dist/index.system.js.map +1 -1
- package/dist/index.umd.js +27 -21
- package/dist/index.umd.js.map +1 -1
- package/dist/types/src/utils/PopsSafeUtils.d.ts +4 -0
- package/package.json +1 -1
- package/src/components/panel/PanelHandleContentDetails.ts +6 -1
- package/src/components/rightClickMenu/index.ts +2 -1
- package/src/utils/PopsDOMUtils.ts +12 -3
- package/src/utils/PopsSafeUtils.ts +16 -14
package/package.json
CHANGED
|
@@ -188,7 +188,12 @@ export const PanelHandleContentDetails = () => {
|
|
|
188
188
|
return;
|
|
189
189
|
}
|
|
190
190
|
Object.keys(props).forEach((propName) => {
|
|
191
|
-
|
|
191
|
+
let value = props[propName];
|
|
192
|
+
if (propName === "innerHTML") {
|
|
193
|
+
PopsSafeUtils.setSafeHTML(element, value);
|
|
194
|
+
return;
|
|
195
|
+
}
|
|
196
|
+
Reflect.set(element, propName, value);
|
|
192
197
|
});
|
|
193
198
|
},
|
|
194
199
|
/**
|
|
@@ -4,6 +4,7 @@ import { PopsHandler } from "../../handler/PopsHandler";
|
|
|
4
4
|
import { pops } from "../../Pops";
|
|
5
5
|
import type { PopsIcon } from "../../types/icon";
|
|
6
6
|
import { popsDOMUtils } from "../../utils/PopsDOMUtils";
|
|
7
|
+
import { PopsSafeUtils } from "../../utils/PopsSafeUtils";
|
|
7
8
|
import { popsUtils } from "../../utils/PopsUtils";
|
|
8
9
|
import { rightClickMenuConfig as PopsRightClickMenuConfig } from "./config";
|
|
9
10
|
import type {
|
|
@@ -453,7 +454,7 @@ export class PopsRightClickMenu {
|
|
|
453
454
|
/* 插入文字 */
|
|
454
455
|
menuLiElement.insertAdjacentHTML(
|
|
455
456
|
"beforeend",
|
|
456
|
-
`<span>${item.text}</span>`
|
|
457
|
+
PopsSafeUtils.getSafeHTML(`<span>${item.text}</span>`)
|
|
457
458
|
);
|
|
458
459
|
/* 如果存在子数据,显示 */
|
|
459
460
|
if (item.item && Array.isArray(item.item)) {
|
|
@@ -1944,7 +1944,10 @@ class PopsDOMUtils extends PopsDOMUtilsEvent {
|
|
|
1944
1944
|
}
|
|
1945
1945
|
function elementAppendChild(ele: HTMLElement, text: HTMLElement | string) {
|
|
1946
1946
|
if (typeof content === "string") {
|
|
1947
|
-
ele.insertAdjacentHTML(
|
|
1947
|
+
ele.insertAdjacentHTML(
|
|
1948
|
+
"beforeend",
|
|
1949
|
+
PopsSafeUtils.getSafeHTML(text as string)
|
|
1950
|
+
);
|
|
1948
1951
|
} else {
|
|
1949
1952
|
ele.appendChild(text as HTMLElement);
|
|
1950
1953
|
}
|
|
@@ -2078,7 +2081,10 @@ class PopsDOMUtils extends PopsDOMUtilsEvent {
|
|
|
2078
2081
|
return;
|
|
2079
2082
|
}
|
|
2080
2083
|
if (typeof content === "string") {
|
|
2081
|
-
element.insertAdjacentHTML(
|
|
2084
|
+
element.insertAdjacentHTML(
|
|
2085
|
+
"beforebegin",
|
|
2086
|
+
PopsSafeUtils.getSafeHTML(content)
|
|
2087
|
+
);
|
|
2082
2088
|
} else {
|
|
2083
2089
|
element!.parentElement!.insertBefore(content, element);
|
|
2084
2090
|
}
|
|
@@ -2103,7 +2109,10 @@ class PopsDOMUtils extends PopsDOMUtilsEvent {
|
|
|
2103
2109
|
return;
|
|
2104
2110
|
}
|
|
2105
2111
|
if (typeof content === "string") {
|
|
2106
|
-
element.insertAdjacentHTML(
|
|
2112
|
+
element.insertAdjacentHTML(
|
|
2113
|
+
"afterend",
|
|
2114
|
+
PopsSafeUtils.getSafeHTML(content)
|
|
2115
|
+
);
|
|
2107
2116
|
} else {
|
|
2108
2117
|
element!.parentElement!.insertBefore(content, element.nextSibling);
|
|
2109
2118
|
}
|
|
@@ -1,22 +1,24 @@
|
|
|
1
1
|
export const PopsSafeUtils = {
|
|
2
|
+
/**
|
|
3
|
+
* 获取安全的html
|
|
4
|
+
*/
|
|
5
|
+
getSafeHTML(text: string) {
|
|
6
|
+
// @ts-ignore
|
|
7
|
+
if (globalThis.trustedTypes) {
|
|
8
|
+
// @ts-ignore
|
|
9
|
+
const policy = globalThis.trustedTypes.createPolicy("safe-innerHTML", {
|
|
10
|
+
createHTML: (html: string) => html,
|
|
11
|
+
});
|
|
12
|
+
return policy.createHTML(text);
|
|
13
|
+
} else {
|
|
14
|
+
return text;
|
|
15
|
+
}
|
|
16
|
+
},
|
|
2
17
|
/**
|
|
3
18
|
* 设置安全的html
|
|
4
19
|
*/
|
|
5
20
|
setSafeHTML($el: Element, text: string) {
|
|
6
21
|
// 创建 TrustedHTML 策略(需 CSP 允许)
|
|
7
|
-
|
|
8
|
-
$el.innerHTML = text;
|
|
9
|
-
} catch (error) {
|
|
10
|
-
// @ts-ignore
|
|
11
|
-
if (globalThis.trustedTypes) {
|
|
12
|
-
// @ts-ignore
|
|
13
|
-
const policy = globalThis.trustedTypes.createPolicy("safe-innerHTML", {
|
|
14
|
-
createHTML: (html: string) => html,
|
|
15
|
-
});
|
|
16
|
-
$el.innerHTML = policy.createHTML(text);
|
|
17
|
-
} else {
|
|
18
|
-
throw new Error("trustedTypes is not defined");
|
|
19
|
-
}
|
|
20
|
-
}
|
|
22
|
+
$el.innerHTML = this.getSafeHTML(text);
|
|
21
23
|
},
|
|
22
24
|
};
|